May 21, 2024

Insidious Phishing Trick – Booking Chat Fraud Trap – Cash Register Crash


If a message comes from the property with a link and a payment request, alarm bells should ring.

Anyone who books a hotel or vacation apartment on the booking platform will also receive direct messages from the property via Booking in a type of internal chat, such as a booking confirmation or arrival information.

Pay – or the reservation will be deleted

But be careful: phishing traps can also lurk among these helpful messages. These are real scam messages from the property. A booking agent who recently booked several rooms for herself and colleagues at a London hotel fell victim to this scam.

Apparently the hotel sent a request in English shortly before departure via Booking that the reservation would be deleted if you did not pay for the rooms. And: “Please follow the link.”

Fearing it would be booked, the customer went through with the order and paid. But it soon became clear to her that there was something fishy about it. She immediately blocked her credit card. Too late: over 1,000 francs have already been deducted.

Cryptocurrency is required

The second example, available for SRF's consumer magazine “Espresso”, concerns a hotel reservation in Stuttgart. A young couple had booked there and they also seemed to have received this payment request with a link from the hotel in that chat.

However, the scammers here acted quite clumsily: they demanded payment in cryptocurrency. The couple quickly realized something was wrong and contacted the hotel directly. This confirms the circulation of false news in its name.

See also  Norway: Greta Thunberg protests against wind farm

Housing weaknesses

In such cases, the source of the problem usually lies at the accommodation, as the media office wrote in response to a request from Espresso: “Unfortunately, some of our accommodation partners have been affected by highly disguised phishing emails.”

The cybercriminals were able to access the reservation system, pretend to be a hotel, and send messages. The company says there has been no data leakage in the reservation so far.

The portal also writes that the affected hotels and apartment rentals represent a small part of all accommodation. However, “our teams are working hard to support our partners in securing their systems as quickly as possible.” Booking is also promising support for affected customers, “including assistance with reimbursement.”

See also  Thai Airways: Crew fail to clean food before landing and will be fined

At least in the case of this London tourist, this support has already been indicated. Booking has informed the affected customer that it will take action if her bank does not return the fraudulently deducted amount. The bank's reaction remains open. If you have not paid anything, the Customer must send a corresponding confirmation from the bank to Booking.