Fraudsters have targeted Booking.com customers with phishing emails and fake WhatsApp messages in an attempt to steal money.
A large number of hotels and guest houses featured on Booking.com have been targeted with phishing emails informing them that there had been a security breach and that they would need to change their account passwords. The message also included a link that, once clicked, redirected users to a site where attackers gained full access to their customer booking details.
Victims were then sent a further message warning them that full payment for their holiday accommodation was now needed and provided them with bank details to make the payment.
According to reports, the phishing emails contained personal customer information such as names, addresses, phone numbers, reference numbers, costs and booking dates. This led many customers to believe they were receiving legitimate messages from the travel company.
Booking.com said its systems were not compromised, but hotels it works with on a separate portal were, and that any customers affected would be compensated.
A spokesperson for Booking.com commented on the attack: “Security and the protection of our partner and customer data is a top priority at Booking.com. Not only do we handle all personal data in line with the highest technical standards, but we are continuously innovating our processes and systems to ensure robust security on our platform.
“In this case, there has been no compromise on Booking.com systems. A small number of properties have been targeted by phishing emails sent by cybercriminals and by clicking on those emails, the properties compromised their accounts. All potentially impacted guests have been notified and because we value our customers at Booking.com, we are supporting impacted guests to compensate for any losses incurred and reclaim these from the property.
“If customers have any questions regarding their reservation or to report losses, they can contact our customer service team.”
The attack is just one of the latest to hit the travel industry with the summer season fast approaching. Just last month Ryanair customers were targeted with a scam offering free tickets via WhatsApp, and in a similar scam, people were targeted with messages appearing to come from Aer Lingus offering free flights if they clicked on a link.
We can expect the number of travel scams to shoot up in the next few months. However, there are a number of steps that can be taken to reduce the chance of attack:
- Only book travel arrangements through reputable companies
- Make sure your travel company is a member of a recognised trade association like ABTA or has an ATOL logo and number
- To make sure the site you are on is safe and secure, look for a padlock symbol in the address bar and check that the website URL begins with ‘https://’ or ‘shttp://’
- Always study the terms and conditions and be very wary of any companies that don’t provide paperwork
- Never click on suspicious links or download attachments from unknown sources
- If an offer seems too good to be true, it usually is!
For further information on how MetaCompliance can help protect you from the growing range of phishing and ransomware attacks, click here.