Back to Back Issues Page
Fake Booking.com Sites
June 15, 2025
Hello

Fake Booking.com Sites

Watch For Scams is dedicated to helping you avoid becoming a victim of fraud.

If you like this ezine, do a friend a big favor and forward this to them. If a friend forwarded this to you, and if you like what you read, please subscribe by visiting the link below:

Subscribe Here

Fake Booking.com Sites

Cybercriminals have started a campaign of redirecting links placed on gaming sites and social media — and as sponsored ads — that lead to fake websites posing as Booking.com. 40% of people book travel through a general online search, creating a lot of opportunities for scammers.

Following the links brings visitors to a familiar strategy where fake CAPTCHA websites hijack your clipboard and try to trick visitors into infecting their own device.

As usual on these websites, by putting a checkmark in the fake Captcha prompt you’re giving the website permission to copy something to your clipboard.

Afterwards, the scammers involved will try to have the visitor execute a Run command on their computer. This type of prompt is never used in legitimate Captcha forms and should be immediately suspicious to all individuals.

What the website just put on the clipboard may look like gobbledegook to some, though more experienced users will see the danger.

The cybercriminals used mixed casing, quote interruption, and variable name manipulation to hide their true intentions.

The malicious Captcha form tells the user to copy the content of the clipboard into the Windows Run dialog box and execute the instructions from the above command. Should a user fall for this without any protections enabled, the command will open a hidden powershell window to download and execute a file called ckjg.exe which in turn would download and execute a file called Stub.exe which is detected as Backdoor.AsyncRAT.

Backdoor.AsyncRAT is a backdoor Trojan which serves as a Remote Access Tool (RAT) designed to remotely monitor and control other computers. In other words, it puts your device at the mercy of the person controlling the RAT.

The criminals can gather sensitive and financial information from infected devices which can lead to financial damages and even identity theft.

How to stay safe

There are a few things you can do to protect yourself from falling victim to these and similar methods:

1. Do not follow instructions provided by a website you visited without thinking it through

2. Use an active anti-malware solution that blocks malicious websites and scripts

3. Use a browser extension that blocks malicious domains and scams

4. Disable JavaScript in your browser before visiting unknown websites

If you believe you have been a victim of this type of scam you should promptly report it to the IC3's website at www.IC3.gov. The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration.

Remember - always watch for scams!

Steve

Back to Back Issues Page