HÀ NỘI — The Vietnam National Authority of Tourism (VNAT) has issued a warning about a large-scale global cyberattack campaign known as ClickFix, which is rapidly spreading and targeting accommodation facilities across the country, including hotels, homestays and resorts.

The alert follows a rise in cases where hackers have used phishing techniques to impersonate emails from popular booking platforms such as Booking.com and Expedia, amid forecasts of surging room reservations ahead of the New Year and Tết (Lunar New Year) holidays.

According to the VNAT, attackers are sending fraudulent emails with familiar subject lines such as “booking confirmation”, “customer complaint”, “payment update” or “reservation cancellation”, designed to mimic genuine platform correspondence.

Because the fake messages look almost identical to real emails, distinguishing authentic messages from fake ones has become increasingly difficult. As tens of thousands of accommodation providers operate on online booking platforms, the risk of attack is significant, particularly as many reception and reservations staff have not received sufficient cybersecurity training.

Experts from BKAV, a technology corporation specialising in cybersecurity, software, e-government and smartphone manufacturing, explained that these emails often contain links or Excel files disguised as invoices or booking information but embedded with malicious code. Clicking on links or opening attachments can instantly trigger malware.

ClickFix is powered by PureRAT – a remote-access trojan that allows attackers to monitor users, steal account credentials, expand attacks and remain hidden for prolonged periods. Notably, the campaign appears to operate under an “Attack-as-a-Service” model, meaning that anyone can purchase tools pre-loaded with malware and carry out attacks without advanced technical skills – increasing the scale and impact of malicious code dissemination.

Cybersecurity experts advise email users to remain vigilant, carefully check sender addresses, and avoid opening unfamiliar attachments or links. They recommend accessing booking platforms only through official websites or apps.

Meanwhile, accommodation providers are urged to deploy email monitoring systems, antivirus software and advanced anti-malware solutions, as default operating-system protection offers only basic security and cannot defend against modern, persistent viruses and ransomware. — VNA/VNS