Booking.com customers warned of ‘well-designed scam’ putting details up for sale on dark web | Science and technology news



Booking.com customers have been warned about a “well-designed scam” that has seen account details sold on the dark web.

Cyber ​​security firm Secureworks said criminals are targeting the site’s partner hotels to steal user information.

They then send phishing emails to customers claiming that their reservation will be canceled if they do not provide payment information immediately.

Rafe Pilling, director of threat intelligence at Secureworks, said the tactic had a “high success rate”, and Booking.com said it was aware some of its partners had been affected in recent months.

“While this breach was not on Booking.com, we understand the seriousness of those affected, which is why our teams are working hard to support our partners in securing their systems as quickly as possible and help any potentially affected customers comply hereby, including restoring any lost funds,” it states.

The scam unfolds in two phases, starting with the hotels themselves being hit by fraudulent emails.

They often claim to be from a guest who left valuable documents behind during their stay, who then sends a follow-up email directing the hotel to a Google Drive link purporting to display a photo of the lost item.

The link actually contains malware called Vidar Infostealer, which gives the criminals access to the Booking.com account portal that people use to make their reservations.

From there, they can target customers.

Watch for ‘sense of urgency’

In one case involving a hotel in Scotland, a receptionist was duped by a scam caller who claimed to book a room for herself and her child with severe allergies.

They said it would be easier to email a document detailing the child’s allergies to determine if the hotel could accommodate them, and the attachment contained the malware.

It collected details of all the hotel’s Booking.com customers and sent them fake emails saying they had 24 hours to pay.

Jude McCorry, chief executive of Scotland’s Cyber ​​and Fraud Centre, told Sky News it was a “well-designed scam” that less tech-savvy people would find it “very difficult” to identify.

She said a “sense of urgency” in demanding money was often a sign that something might be wrong.

Secureworks has found Booking.com credentials being sold on dark web forums for up to $2,000 (£1,576).

It said the scam was not easy to shut down because it relies on Booking.com and its partner hotels having effective controls in place, as well as employees and customers recognizing the threat.

The company has recommended that hotels make staff aware and teach them how to identify such attacks, while customers should use multi-factor authentication to protect their accounts.

They should also question any emails or app messages requesting payment information and contact Booking.com or the hotel directly if they have concerns.

Read more technical news:
Creepy scams to avoid while shopping online
Astronomical first found in neighboring galaxy

Elon Musk tells fleeing advertisers to ‘f*** yourselves’

Booking.com said online fraud was a “pressing problem across many sectors” and that the company had made “significant investments to limit the impact of these ever-evolving tactics”.

“Due to the rigorous controls and machine learning capabilities we employ, we are able to detect and block the overwhelming majority of suspicious activity before it affects our partners or customers,” it added.

“We’ve also shared additional tips and updates with our partners on what they can do to protect themselves and their businesses, along with the latest information on malware and phishing, so they’re as up-to-date as possible on the latest trends. shows.

“In terms of some practical steps customers can take to stay safe online, we recommend vigilance and that people carefully check the payment policy details detailed in their booking confirmation.

“If a property or host appears to be asking for payment outside of what’s on their confirmation, they should contact our customer service team for support.

“It’s also good to remember that no legitimate transaction will ever require a customer to provide their credit card details via phone, email or text (including WhatsApp).”


Leave a Reply

Your email address will not be published. Required fields are marked *