Exploitation of Booking.com Reservations: Cybercriminals Targeting Travelers’ Finances


Robert Woodford, a recruitment marketing specialist, recently experienced a sophisticated scam while booking a hotel in Verona through Booking.com. This incident illustrates the vulnerabilities present in the hospitality industry and how cybercriminals target travelers.

After making a legitimate hotel booking and communicating with the hotel, Woodford received a separate message that appeared to originate from the official Booking.com messaging system. This message requested “missing details” and a prepayment. To ensure safety, Woodford chose to log into Booking.com directly instead of clicking any provided links. Upon logging in, he found the same message in the same thread as his prior communications with the hotel. The payment link also looked legitimate, containing “bookingcom” in the URL. It was only after completing the payment that he realized the merchant’s name was incorrect and the payment had been fraudulent.

Woodford’s experience aligns with previous discussions about how phishers can deceive both travelers and hotel staff using tactics that include fake communication methods. This type of scam demonstrates how cybercriminals exploit genuine booking data and trusted platforms to mislead and defraud unsuspecting users.

The Swiss National Cyber Security Centre (NCSC) has reported similar incidents where hotel staff have been tricked into installing malware via fraudulent CAPTCHAs and malicious commands. These malware infections compromise hotel booking systems, granting attackers the ability to manipulate guest communications and transactions.

Such scams are exceptionally effective because they exploit compromised hotel systems. A traveler can log into the verified website and still receive malicious messages from cybercriminals who have gained control of the hotel’s messaging platform. These are not counterfeit websites; the attackers pose as the actual hotel and use the hotel’s own channels to reach customers.

Upon compromising the booking systems, criminals can access guest data and payment information, enabling them to impersonate the hotel and directly reach guests.

Moreover, a recent warning from Arcona Hotels & Resorts highlighted “technical irregularities” that prompted the disconnection of several locations from their central IT services to mitigate potential risks. The company ResponseOne GmbH, which specializes in IT forensics, was engaged to perform a technical analysis and manage the situation.

Arcona Hotels & Resorts, a German company renowned for operating and developing hotels with a focus on leisure, boutique, and luxury properties, has not disclosed the specifics of the incident. However, the timing and nature of their advisory suggest that this occurrence could be part of a broader campaign targeting the digital infrastructure within the hospitality sector.

Advice for Travelers

Cybercriminals are increasingly infiltrating hospitality systems, converting trusted platforms into vehicles for fraud.

Robert Woodford lost several hundred pounds, along with his trust in financial institutions and booking services. Being aware of the risks is crucial, even for the vigilant. Here are some essential tips for travelers:

  • Access booking platforms by directly typing the URLs into your browser rather than clicking on links in emails or messages.
  • Verify payment requests by contacting the hotel or booking platform through official channels; direct phone calls to the hotel can be helpful.
  • Be wary of urgent payment requests or unusual payment methods.
  • Whenever possible, use credit cards or payment options that offer fraud protection for bookings.
  • Immediately report any suspicious messages to the booking platform.
  • Utilize browser protection tools to defend against scams, skimmers, and other malicious activities.
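
The payment link in Woodford’s case looked legitimate because it contained “bookingcom”, which says nothing about where the link actually points. The check below is an added example, not part of the original article or any Booking.com tooling: it parses the host of a link and compares it against a trusted-domain list instead of searching for the brand string. The trusted-domain list, function name and sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domain the platform uses for guest-facing links.
TRUSTED_DOMAINS = ("booking.com",)
BRAND = "bookingcom"  # brand string with separators removed


def classify_link(url: str) -> str:
    """Classify a link found in a guest message.

    'trusted'    - https, and the host is a trusted domain or a subdomain of one
    'suspicious' - brand string or punycode present, but host is not trusted
    'unrelated'  - no brand string and not a trusted host
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        # Normalise internationalised names to punycode before comparing.
        host = host.encode("idna").decode("ascii")
    except ValueError:  # malformed URL or un-encodable host
        return "suspicious"
    on_trusted_host = any(
        host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS
    )
    if parts.scheme == "https" and on_trusted_host:
        return "trusted"
    if "xn--" in host:  # punycode host: possible look-alike characters
        return "suspicious"
    # Strip separators so "booking-com", "booking.com" and "bookingcom"
    # reduce to the same token wherever they sit in the URL.
    squashed = re.sub(r"[^a-z0-9]", "", url.lower())
    return "suspicious" if BRAND in squashed else "unrelated"


if __name__ == "__main__":
    # Constructed sample links; none are taken from a real incident.
    samples = [
        "https://secure.booking.com/pay?id=1",
        "https://bookingcom-guest.example/confirm",
        "https://booking.com.verify-stay.example/p",
        "https://booking.com@pay.example/x",
        "https://notbooking.com/",
        "https://hotel-verona.example/rooms",
    ]
    for link in samples:
        print(f"{classify_link(link):10} {link}")
```

A "trusted" verdict covers the link only; as described above, the message itself can still come from a compromised hotel account inside the genuine thread.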

It is critical to acknowledge that trusted systems may be compromised. Vigilance and proactive security measures are essential for both travelers and hotels to reduce these risks.

