Fraudsters have targeted Booking.com customers with phishing emails and fake WhatsApp messages in an attempt to steal money.
A large number of hotels and guest houses featured on Booking.com have been targeted with phishing emails informing them that there has been a security breach and they will need to change their account passwords. The message also included a link that once clicked redirected users through to a site where attackers gained full access to their customer booking details.
Victims were then sent a further message warning them that full payment for their holiday accommodation was now needed and provided them with bank details to make the payment.
According to reports, the phishing emails contained personal customer information such as names, addresses, phone numbers, reference numbers, costs and booking dates. This led many customers to believe they were receiving legitimate messages from the travel company.
Booking.com said its systems were not compromised, but hotels it works with on a separate portal were, and that any customers affected would be compensated.
A spokesperson for Booking.com commented on the attack: “Security and the protection of our partner and customer data is a top priority at Booking.com. Not only do we handle all personal data in line with the highest technical standards, but we are continuously innovating our processes and systems to ensure robust security on our platform.
“In this case, there has been no compromise on Booking.com systems. A small number of properties have been targeted by phishing emails sent by cybercriminals and by clicking on those emails, the properties compromised their accounts. All potentially impacted guests have been notified and because we value our customers at Booking.com, we are supporting impacted guests to compensate for any losses incurred and reclaim these from the property.
“If customers have any questions regarding their reservation or to report losses, they can contact our customer service team.”
The attack is just one of the latest to hit the travel industry with the summer season fast approaching. Just last month Ryanair customers were targeted with a scam offering free tickets via WhatsApp, and in a similar scam, people were targeted with messages appearing to come from Aer Lingus offering free flights if they clicked on a link.
We can expect to see the number of travel scams shooting up in the next few months, however, there are a number of steps that can be taken to reduce the chance of attack.
For further information on how MetaCompliance can help keep protect you from the growing range of phishing and ransomware attacks, click here.