Beware: Fake Booking.com Emails Delivering Malware – How to Spot The ClickFix Scam!

Cofense Intelligence uncovers the rise of ClickFix scams impersonating Booking.com to deliver malware. These email scams trick users into running malicious scripts disguised as CAPTCHAs. Watch out for fake prompts that ask you to run commands on your computer. Stay alert to protect against XWorm RATs and data-stealing threats.

3P
Published: June 5, 2025 12:10 pmAdded: June 5, 2025 at 5:34 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like Booking.com is now offering vacations to malware paradise! Just when you thought your worst travel nightmare was losing your luggage, here comes an email scam that can take you on a digital detour straight to Hacker’s Haven. So, pack your bags, or maybe just your antivirus software, because these scammers are checking you in for a stay you definitely didn’t book!

Key Points:

  • ClickFix email scams impersonate Booking.com to deploy malware.
  • The campaign has rapidly increased, with March 2025 seeing a 47% surge.
  • Fake CAPTCHAs are used to trick users into running harmful scripts.
  • Malware includes XWorm RAT and information stealers like Pure Logs Stealer.
  • Scams solely target Windows users, using deceptive legitimacy tactics.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?