Criminals are increasingly trying to rip off holidaymakers on the internet. There is now a particularly dangerous scam on one booking platform.
Booking.com is one of the largest travel portals on the internet, offering a wide range of accommodations and flights. However, caution is advised on such booking platforms, as fraudsters are trying to rip off holidaymakers with a new scam.
Shortly after the accommodation has been booked, the supposed host gets in touch via WhatsApp and writes that something went wrong with the booking and that the credit card details need to be reconfirmed. There are already warnings about this on social media; some people even report that they have fallen for the scam.
A few months ago, the German Consumer Advice Center warned of the scam and reported a case in which an alleged hotel employee contacted a woman on WhatsApp. She ignored the messages but received an email with a link shortly before the start of her vacation. There had been problems with her means of payment, so she now had to re-enter her details within 24 hours; otherwise, the booking would be cancelled.
The messages from the supposed landlords usually appear legitimate, as all the booking details and the host’s name are correct. The name, cell phone number, travel dates, and costs also match the actual data. After emails and WhatsApp messages have been sent, the message with the new payment request often ends up in the official Booking.com chat.
If you click on the link, you are taken to a website where you have to re-enter your credit card details. This website is almost indistinguishable from the real Booking.com website and appears legitimate at first glance. However, looking closely at the account, it often looks dubious.
But how do the fraudsters obtain the data? As reported by “Der Spiegel”, the attackers apparently used convincing phishing attacks against employees to obtain the Booking.com access data of the hotels. The fraudsters pretend to be former guests in emails and thus abuse the helpfulness of the hotel staff.
For example, the supposed guests claim to have forgotten their passport at the accommodation and to need it for another trip. A few days later, the fraudsters contacted the accommodation again with a link containing supposed passport pictures. By clicking on the link, however, malware is downloaded that can read passwords and thus gain access to the customer’s data.
Fraudsters have been sending such payment requests via the travel platform for months. Booking.com, however, rejects the blame. Many fraud attempts are filtered out in advance, thanks to software. In addition, partners are constantly provided with security information. However, these measures are insufficient for hotel operators, who feel left in the lurch and demand appropriate security standards.
Consumer advocates advise booking only within the app or paying for accommodation directly at reception to protect yourself from such attacks. Even if the sender appears trustworthy, consumers should always take a close look at the e-mail address. In addition, such links should be ignored, as usually, no bank transfer is requested via chat, email, SMS, or telephone.
- source: heute.at/picture:
This post has already been read 4317 times!