Cybercriminals are stepping up their attacks on customers of Booking.com by posting advertisements on dark web forums seeking help in scouting for victims, the BBC reported.
The hackers are reportedly offering up to $2,000 for hotels' login details.
According to the news report, customers have been duped into sending money to hackers since at least March 2023.
Booking.com is a leading online travel agency for holidaymakers. While cybersecurity experts state that the website itself has not been attacked, hackers have found ways to get into the websites of hotels.
According to cybersecurity company Secureworks, which investigated the scam, the criminals were initially duping hotel employees into downloading malicious software called Vidar Infostealer.
The hackers' modus operandi is to first email hotel staff while impersonating a former guest who forgot their passport in their room, and then send a Google Drive link on the pretext that it contains an image of the passport. Once a staff member downloads from the link, malware is installed on the staff computer, where it automatically scouts for Booking.com access.
The criminals then log in to the Booking.com portal, which lets them view all customers currently staying or holding holiday reservations. Customers who receive messages through the official app are then duped into paying the criminals rather than the hotel.
The hackers appear to be making so much money from these attacks that they are offering thousands to criminals who can provide access to hotel portals.
Commenting on this development, a Booking.com spokesman was quoted by the BBC as saying: "While this breach was not on Booking.com, we understand the seriousness for those impacted, which is why our teams work diligently to support our partners in securing their systems as quickly as possible and helping any potentially impacted customers accordingly, including with recovering any lost funds."