We have received reports of a very creative phishing attack via Booking.com, hotel accounts and other accommodation providers. Cybercriminals are sending fake payment requests to guests with correct travel details. This makes them particularly credible and difficult to recognise.
Why does this phishing attack look so real? Criminals sometimes gain access to hacked accounts of accommodation providers such as hotels and send messages from those accounts. The messages contain correct booking details such as arrival date, guest name and hotel name, which makes you inclined to trust these types of messages.
What can you do?
Have you received an unexpected payment request? That is suspicious. Do not respond or pay via a suspicious link in an email, WhatsApp message or text message.
Are you unsure? Contact your accommodation to check whether they sent the message. However, do not use any contact details from the suspicious message or from their website at that time, as these may also have been hacked.
Only use details that you have already received, for example in a confirmation email or via your original booking.
Forward suspicious messages to suspect@safeonweb.be. Every message is automatically analysed. If it is phishing, we will block the link and display a warning to other users who click on it. This way, you also help protect others.
Are you a victim?
From the moment you lose money to a cybercriminal, we recommend that you report it to the police. You can report it to your local police station.
Contact your bank and/or Card Stop on 078 170 170 if you have provided additional bank details to a fraudster. This will allow any fraudulent transactions to be blocked.
What can accommodation providers do?
Cybercriminals do not only target travellers, but also accommodation providers. For example, they hack Booking.com or other accounts to send fake payment requests in their name.
For entrepreneurs, we have created this message on safeonweb@work explaining the risks, the preventive measures you can take and what to do if your business falls victim to fraud.
