Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Scam of the Week – customers targeted with phishing emails and fake WhatsApp messages

Fraudsters have targeted customers with phishing emails and fake WhatsApp messages in an attempt to steal money.

A large number of hotels and guest houses featured on have been targeted with phishing emails informing them that there has been a security breach and they will need to change their account passwords. The message also included a link that once clicked redirected users through to a site where attackers gained full access to their customer booking details.

Victims were then sent a further message warning them that full payment for their holiday accommodation was now needed and provided them with bank details to make the payment.

According to reports, the phishing emails contained personal customer information such as names, addresses, phone numbers, reference numbers, costs and booking dates. This led many customers to believe they were receiving legitimate messages from the travel company. said its systems were not compromised, but hotels it works with on a separate portal were, and that any customers affected would be compensated.

A spokesperson for commented on the attack: “Security and the protection of our partner and customer data is a top priority at Not only do we handle all personal data in line with the highest technical standards, but we are continuously innovating our processes and systems to ensure robust security on our platform.

“In this case, there has been no compromise on systems. A small number of properties have been targeted by phishing emails sent by cybercriminals and by clicking on those emails, the properties compromised their accounts. All potentially impacted guests have been notified and because we value our customers at, we are supporting impacted guests to compensate for any losses incurred and reclaim these from the property.

“If customers have any questions regarding their reservation or to report losses, they can contact our customer service team.”

The attack is just one of the latest to hit the travel industry with the summer season fast approaching. Just last month Ryanair customers were targeted with a scam offering free tickets via WhatsApp, and in a similar scam, people were targeted with messages appearing to come from Aer Lingus offering free flights if they clicked on a link.

We can expect to see the number of travel scams shooting up in the next few months, however, there are a number of steps that can be taken to reduce the chance of attack. 

  1. Only book travel arrangements through reputable companies
  2. Make sure your travel company is a member of a recognised trade association like ABTA or has an ATOL logo and number
  3. To make sure the site you are on is safe and secure, look for a padlock symbol in the address bar and check that the website URL begins with a ‘https://’ or ‘shttp://’
  4. Always study the terms and conditions and be very wary of any companies that don’t provide paperwork
  5. Never click on suspicious links or download attachments from unknown sources
  6. If an offer seems too good to be true, it usually is!

For further information on how MetaCompliance can help keep protect you from the growing range of phishing and ransomware attacks, click here.

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

UK GDPR Series Available Now

Privacy is an ongoing concern for every organisation, however, the notion of consent isn’t without its complications. To help organisations navigate data protection protocols, we
Read More »

Seasonal Phishing Templates

Phishing is a year-round activity for cybercriminals, and just like retailers, they use seasonal events as an opportunity to cash in. Seasonal occasions, including St
Read More »

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations