
Hotel Booking Scam - Hackers Target Guests with Fraudulent Requests

Cyber Security News · Reporting by Tushar Subhra Dutta
Summary by CyberPings Editorial · AI-assisted · Reviewed by Rohit Rana

Basically, hackers are tricking hotel guests into paying fake bills through messages that look real.

Quick Summary

A new scam is targeting travelers by hijacking hotel booking systems. Cybercriminals send fake payment requests via WhatsApp, tricking guests into revealing sensitive information. Awareness and caution are essential to avoid falling victim to this fraud.

What Happened

A new fraud scheme is on the rise, targeting travelers around the world. Cybercriminals have developed a method to hijack hotel booking workflows, sending guests convincing fake payment requests. This scam often begins with a simple WhatsApp message that appears to come from a hotel’s Guest Relations team. It references real booking details, making it seem like a routine communication.

The attackers exploit the trust guests have in hotel systems. By using accurate trip information, such as property names and stay dates, they create messages that feel legitimate. Many victims, unaware of the deception, follow the instructions, leading to significant financial losses.

Who's Affected

The Reservation Hijack Scam has impacted travelers primarily in the United Kingdom, France, Germany, the United States, Brazil, and Australia. Guests who receive these fraudulent messages, often through platforms like WhatsApp, SMS, or email, are at risk. The scam not only affects individual travelers but also poses a threat to the reputation of hotels involved.

Hotels that utilize popular management systems, such as Cloudbeds, are particularly vulnerable. Attackers can compromise these systems by phishing hotel employees for their login credentials, gaining access to sensitive reservation data.

What Data Was Exposed

Once attackers infiltrate hotel systems, they can view real reservation data, including guest names, contact details, and payment information. They may also use the "Scam-Yourself" attack tactic, tricking hotel partners into executing malicious commands that install remote access trojans. This access allows them to send fraudulent payment requests through legitimate hotel accounts, further blurring the line between real and fake communications.

Victims have received professionally crafted PDF documents that impersonate hotel groups, complete with payment deadlines. These documents often redirect guests to typo-squatted domains designed to harvest sensitive payment information, making the scam even more dangerous.

What You Should Do

If you receive a message asking you to verify or re-enter payment details for your hotel reservation, do not click any links. Instead, visit the hotel’s official website or the original booking platform directly. If you have already entered your payment information, contact your bank immediately to cancel your card and monitor for any suspicious activity.

Hotels must also take proactive measures to protect their systems. Implementing phishing-resistant authentication for staff, tightening access controls, and enhancing anomaly detection in messaging workflows are essential steps. Smaller properties, which often lack robust security measures, should prioritize multi-factor authentication to safeguard against credential theft.
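One way a property could screen outbound guest messages for the typo-squatted payment links described above, as an added example that is not from the original article or from any hotel platform. The domain `grandharbor-hotel.example`, the allowlist and both sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains this property really uses for guest payment links.
OFFICIAL_DOMAINS = {"grandharbor-hotel.example"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return 'official', 'lookalike' or 'unlisted' for one hostname."""
    host = (host or "").lower().rstrip(".")
    for dom in OFFICIAL_DOMAINS:
        if host == dom or host.endswith("." + dom):
            return "official"
    for dom in OFFICIAL_DOMAINS:
        # Compare the same number of trailing labels so a subdomain cannot hide a near miss.
        tail = ".".join(host.split(".")[-dom.count(".") - 1:])
        if edit_distance(tail, dom) <= 2 or dom.split(".")[0] in host:
            return "lookalike"
    return "unlisted"

def screen_message(text):
    """List (host, verdict) for every link in an outbound guest message."""
    hosts = [urlsplit(u.rstrip(".,;)")).hostname for u in URL_RE.findall(text)]
    return [(h, classify_host(h)) for h in hosts]

def should_hold(text):
    """Hold the message for staff review if any link is off the official domains."""
    return any(verdict != "official" for _, verdict in screen_message(text))

# Constructed sample messages (not taken from a real incident).
FAKE = ("Guest Relations: your stay 12-15 June needs card verification within 12 hours: "
        "https://grandharbor-hote1.example/verify?id=4471")
REAL = "Your invoice is ready: https://pay.grandharbor-hotel.example/invoice/4471."

if __name__ == "__main__":
    for msg in (FAKE, REAL):
        print(should_hold(msg), screen_message(msg))
```

Holding on any non-official link, rather than only on lookalikes, matters because a message sent from a compromised but legitimate hotel account passes every sender check.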

Staying vigilant and informed is crucial in combating this growing threat. By recognizing the signs of fraud and taking appropriate actions, both guests and hotels can protect themselves from this sophisticated scam.

🔒 Pro insight: This scam leverages social engineering and real context, making it a sophisticated threat that requires heightened awareness from both guests and hotel staff.
