Home / Technology / Hotel Bookings Hijacked for Phishing Scams
Hotel Bookings Hijacked for Phishing Scams
28 May
Summary
- Cybercriminals exploit stolen hotel booking data for targeted phishing.
- Over 350 hotels in 50 countries are implicated in reservation hijacking scams.
- Phishing messages contain real reservation details, increasing scam success.
Hundreds of hotels globally have potentially had traveler information compromised, with findings revealing a surge in reservation hijacking scams. Security researchers identified over 350 hotels, vacation rentals, and guesthouses in 50 countries caught in these schemes. Cybercriminals are repurposing stolen booking names and reservation details to craft sophisticated phishing messages.
These targeted attacks, described as spear-phishing, embed authentic reservation information like check-in and check-out dates into fraudulent messages. This tactic significantly increases the chance of victims clicking malicious links, leading to the theft of credit card and other sensitive data. Germany, France, the UK, Italy, Spain, and the US were among the most affected countries.
While hacking hotel systems for booking data is not new, criminals are continually advancing their "phishing-as-a-service" tools. These kits enable the mass distribution of deceptive messages and can impersonate numerous brands. In the US alone, phishing attempts resulted in over $200 million in losses last year.
Researchers noted that small and medium-sized hotels are particularly vulnerable due to potentially weaker security practices. The methods used to obtain booking details vary, including malware-laced emails to hotels or exploiting vulnerabilities in third-party booking services. Experts advise travelers to verify suspicious messages directly with the hotel through independent contact channels.
