Phishing Campaign Exploits Ads to Breach Hotel Property Management Systems

A sophisticated malvertising campaign has emerged that specifically targets hoteliers and vacation rental operators by impersonating well-known service providers.

Okta Threat Intelligence reports that attackers have used malicious search engine advertisements—particularly sponsored ads on Google Search—to lure unsuspecting hospitality professionals to counterfeit login portals.

The ultimate goal: harvesting credentials for cloud-based property management and guest messaging platforms.

Beginning in mid-2025, researchers observed attackers purchasing sponsored ad placements for at least thirteen reputable hospitality and vacation-rental technology vendors.

When users search for one of these vendors by name, the top sponsored results direct them to look-alike domains that leverage typosquatting variations of legitimate URLs.

Once on the fake site, victims encounter highly convincing replica login pages requesting their corporate email, password, and even phone number.

These malicious ads appeared above the genuine vendor domains in search results ...