Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests' Payment Data

In 2025, Russian hackers launched a phishing campaign targeting hotel guests by creating over 4,300 fake travel websites to steal payment data. The campaign, which began in February, uses sophisticated phishing kits to mimic popular booking platforms like Booking.com and Airbnb. Victims receive phishing emails urging them to confirm bookings, leading to fake sites that collect card details. The campaign's automation and use of phishing-as-a-service kits highlight the increasing ease and scale of phishing attacks.