The attacks on the online platform booking.com aim to infect the accommodation's computer system with malware or to access customer data. Our partners at Watchlist Internet have looked at the attack and are warning you.

Booking.com scam #1: Malware via email

An alleged guest contacts the property with a request to send a direct email address. The fraudsters claim to want to send directions to the hotel. The reason for this is, for example, that you are traveling from China and Google Street View does not work there. The alleged guest has created a map with the route to the hotel and would now like to have this confirmed. The addition that these are seniors who don't know their way around very well is also often used. Here is an example of such a message:

booking.com targeted by cyber attacks: First fraudulent email to contact you, Image: Screenshot Watchlist Internet
booking.com targeted by cyber attacks: First fraudulent email to contact you, Image: Screenshot Watchlist Internet

Here in the German translation:

booking.com targeted by cyber attacks: First fraudulent email to contact you, translated, Image: Screenshot Watchlist Internet
booking.com targeted by cyber attacks: First fraudulent email to contact you, translated, Image: Screenshot Watchlist Internet

The accommodations will then receive an email which – as announced – contains a link. Here is an example of such a message:

booking.com targeted by cyber attacks: Second fraudulent email with dangerous link, image: Screenshot Watchlist Internet
booking.com targeted by cyber attacks: Second fraudulent email with dangerous link, image: Screenshot Watchlist Internet
booking.com targeted by cyber attacks: Second fraudulent email with dangerous link, translated, Image: Screenshot Watchlist Internet
booking.com targeted by cyber attacks: Second fraudulent email with dangerous link, translated, Image: Screenshot Watchlist Internet

However, malware is hidden behind the link. The exact damage that can be caused is currently unclear. However, the fraudsters seem to be after the booking.com access data in order to take over the accommodation account. However, it is also possible that other passwords stored in the web browser can be accessed.

Caution! Virus scanners do not necessarily detect the malware

The dangerous links and attachments are only recognized by a few anti-virus scanners. Therefore: Be particularly careful with such requests and do not open any unknown links or files. You can report attempted attacks to hotels@wko.at , to the Cybercrime Reporting Office ( against-cybercrime@bmi.gv.at ) and using our reporting form .

booking.com scam #2: Collecting customer data

The second scam involves phishing messages. However, these messages are sent from your extranet account. The criminals gained access to your account by successfully carrying out the first attack described or through other security holes.

Cybercriminals contact your guests and, as a first step, ask them to confirm the reservation. Another message claims that there are problems with payment or credit card details. To fix the problem, customers should click on a link and enter their credit card details. These end up directly in the hands of criminals. Here, too, the main communication does not take place via booking.com, but via email or WhatsApp.

Here's how to protect yourself from these scams

  • Inform your employees about these cyberattacks. This particularly applies to employees who are responsible for online communication with guests.  
  • Cybercriminals try to circumvent booking.com's security measures by using other communication channels. It is therefore best to use the booking.com messenger. If communication is via email or WhatsApp, you need to be particularly careful.
  • Check links before clicking them. You can scan potentially dangerous links on the virustotal.com
  • Keep antivirus programs up to date to detect new threats.

Have you been a victim? Contact booking.com to report the fraud and get your account back . We also recommend filing a free criminal complaint with the police.

Source:

Watchlist Internet
Already read? A current Mimikama fact check: Criminal network dismantled as part of the international operation “Dawnbreaker”.


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )