ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

Beware of This new Scam That is Targeting Travelers Through Online Booking Sites

Utilize reputable security software and cloud services to protect devices from potential threats and phishing attempts.
PUBLISHED FEB 11, 2024
Cover Image Source: Cyber Fraud | Pexels
Cover Image Source: Cyber Fraud | Pexels

Despite widespread awareness, phishing remains one of the most persistent and effective attack vectors in the world of cyber threats. From scammers posing as reputable banks to text messages mimicking delivery notifications, and even malicious code hidden within seemingly innocuous images, phishing attacks can target anyone with access to digital devices. One scam recently identified by cybersecurity professionals is the utilization of sophisticated infostealers, specifically targeting the hospitality industry through online booking services. 

A smart phone with the travel app Booking.com is seen on the screen in Hong Kong | Getty Images | Photo by S3studio
Image Source: Getty Images | Photo by S3studio

As part of this scam, a fraudster initiates a booking request, opting for the "pay at hotel" option, and proceeds to spam the hotel with a series of urgent and seemingly authentic emails containing links to supposed "photos." However, these links actually lead to the execution of an infostealer, compromising the hotel's security.

While initially aimed at hotels, this nefarious phishing campaign has evolved into a multi-stage attack, subsequently targeting customers of these booking platforms. The attack is carried out in three primary steps, which are executing the infostealer, contacting the victim, and ultimately trapping the victim with a link.

A 12-year-old boy looks at a iPad screen on October 27, 2023 in Swansea, Wales. Getty Images | Photo by Matt Cardy
Image Source: Getty Images | Photo by Matt Cardy

After infiltrating the hotel's system, the attacker first gains access to legitimate customer communications. Typically, users are advised to rely on official communication channels provided by the booking platform to avoid fraudulent interactions. However, with the attacker now able to exploit these trusted channels, such precautions become ineffective.

The attacker proceeds to send personalized messages to intended victims, leveraging typical phishing strategies such as urgency, fear, and the need for immediate action. Crafted to mimic authentic hotel communications, these messages instill a false sense of trust in recipients, further facilitating the success of the phishing scheme. On top of that, the messages are disseminated through the booking platform's messaging system, adding a sense of legitimacy that would otherwise be absent in traditional email-based phishing attempts.

Image Source: Pexels|Photo by Alex Green
Image Source: Pexels | Photo by Alex Green

The victim then receives a message containing a deceptive link, purportedly for additional card verification to prevent the cancellation of their booking. Fearing the loss of their reservation, the victim complies with the instructions outlined in the message and clicks the link. This action triggers the execution of a script encoded within a JavaScript Base64 script, which is downloaded onto the victim's device.

The downloaded script is designed to evade detection by security analysts, utilizing various methods to gather information about the victim's browser environment, including browser capabilities and attributes. This data is then compiled into a data object and appears to be transmitted to a server via a POST request.

Following the successful execution of the script, the victim is directed to a phishing site posing as a legitimate payment page, where they are prompted to enter their credit card information. To further enhance the credibility of the scam, the attacker implements a smart-chat support channel.

A logo of Booking.com is pictured on a computer screen | Getty Images | Photo by Yuriko Nakao
Image Source: Getty Images | Photo by Yuriko Nakao

Several red flags indicate the fraudulent nature of the message, including urgent language warning of reservation cancellation, a suspicious URL that does not match the official website domain, and the presence of threatening language. To mitigate the risk of falling victim to such phishing attacks, individuals are advised to exercise caution and remain vigilant.

MORE ON MARKET REALIST
'Wheel of Fortune' takes an unexpected turn as dentistry student gets a weird request from Pat Sajak
NEWS
'Wheel of Fortune' takes an unexpected turn as dentistry student gets a weird request from Pat Sajak
Despite putting the contestant in an awkward position the host did get the audience to laugh.
1 hour ago
'Breaking Bad' star Aaron Paul was once a 'Price is Right' contestant — and it still haunts him years later
NEWS
'Breaking Bad' star Aaron Paul was once a 'Price is Right' contestant — and it still haunts him years later
Although fans have admired his energy on the episode for years, Paul revealed why he wasn't too happy.
3 hours ago
'Shark Tank' judges had laughed at his pitch. 11 years later, he returned and was offered a $300,000 deal.
NEWS
'Shark Tank' judges had laughed at his pitch. 11 years later, he returned and was offered a $300,000 deal.
It took more than a decade and an amazing invention for Les Cookson to secure a deal on Shark Tank.
5 hours ago
'Jeopardy' contestant's disturbing response to 'puberty' question had everyone weirded out
NEWS
'Jeopardy' contestant's disturbing response to 'puberty' question had everyone weirded out
The contestant was also defended by some who said they would've made the same mistake.
1 day ago
'Antiques Roadshow' guest brings an 18th-century item that breaks show record — but there's one problem
NEWS
'Antiques Roadshow' guest brings an 18th-century item that breaks show record — but there's one problem
While the item received a record-breaking appraisal, a flaw prevented its value from going higher.
1 day ago
The richest actor in the world is worth $3 billion and not many people know about her
NEWS
The richest actor in the world is worth $3 billion and not many people know about her
She has starred in classic films such as "Sixteen Candles", "The Lost Boys", and "Twister".
1 day ago
Judy Sheindlin’s paycheck for each 'Judge Judy' episode proves she rules both the courtroom and the bank
NEWS
Judy Sheindlin’s paycheck for each 'Judge Judy' episode proves she rules both the courtroom and the bank
What is Judy Sheindlin’s salary per episode? Here’s what we know about the TV judge and her new IMDb TV show, ‘Judy Justice.’
2 days ago
Pat Sajak tackling a 'Wheel of Fortune' winner on live TV still remains a truly bizarre moment
NEWS
Pat Sajak tackling a 'Wheel of Fortune' winner on live TV still remains a truly bizarre moment
Sajak was criticized by fans on the internet but the contestant clarified that it was just for fun.
2 days ago
'Price is Right' contestant in wheelchair who won treadmill gets a much better gift from Jimmy Kimmel
NEWS
'Price is Right' contestant in wheelchair who won treadmill gets a much better gift from Jimmy Kimmel
Danielle Perez had gone viral after talking about the awkward moment on "The Price is Right" on social media.
3 days ago
Struggling musician playing at local pub stunned when Post Malone stepped in and helped him buy a house
NEWS
Struggling musician playing at local pub stunned when Post Malone stepped in and helped him buy a house
The singer also got Malone's number but is only focusing on sharing his work with him for now.
3 days ago
Excited 'Price is Right' contestant knocks Drew Carey off stage in one of the craziest TV moments
NEWS
Excited 'Price is Right' contestant knocks Drew Carey off stage in one of the craziest TV moments
The incident did not bring down the woman's excitement as she kept jumping on stage.
3 days ago
'Antiques Roadshow' guest says he needs a 'bodyguard' after expert tells him value of his 17th century box
NEWS
'Antiques Roadshow' guest says he needs a 'bodyguard' after expert tells him value of his 17th century box
The guest had no idea whose face was engraved on the top of the box and how much it cost.
4 days ago
'Shark Tank’ offers life-changing deal to a 12-year-old boy who came up with a simple glue idea
NEWS
'Shark Tank’ offers life-changing deal to a 12-year-old boy who came up with a simple glue idea
The young entrepreneur saw a common problem kids his age faced and came up with an invention.
4 days ago
Antiques Roadshow tells realtor who brought an old vase that it's ‘worth more than the condo he sold’
NEWS
Antiques Roadshow tells realtor who brought an old vase that it's ‘worth more than the condo he sold’
It was a gift from the father of his first client to whom he had sold a condo.
4 days ago
Jelly Roll spent $11,000 on fried chicken — but it's the tip he left for staff that stunned everyone
NEWS
Jelly Roll spent $11,000 on fried chicken — but it's the tip he left for staff that stunned everyone
The singer wanted to celebrate his journey by sending fans to the place linked to his early days.
4 days ago
'The Price is Right' was so wild in the 1950s it even brought live elephants to the studio
NEWS
'The Price is Right' was so wild in the 1950s it even brought live elephants to the studio
Wait till you hear the list of weird prizes that 'Price is Right' gave in the '50s.
5 days ago
Buying bottled water from Costco? Expert warns why you probably shouldn't: "It comes from..."
COSTCO
Buying bottled water from Costco? Expert warns why you probably shouldn't: "It comes from..."
The bottled water from the popular retailer has nanoplastic particles more than the firm's limits.
5 days ago
'Shark Tank' turns down $400,000 deal because the founders made the 'biggest mistake' most startups make
NEWS
'Shark Tank' turns down $400,000 deal because the founders made the 'biggest mistake' most startups make
Most of the sharks had concerns about water pressure even though the product impressed them.
5 days ago
'Pawn Stars' guest tries to sell Steve Aoki-signed item for $2,000 — then the DJ quietly walked in
NEWS
'Pawn Stars' guest tries to sell Steve Aoki-signed item for $2,000 — then the DJ quietly walked in
The host wanted to be sure about the signature that added a lot of value to the doll and the cards.
6 days ago
Three men leave a restaurant without paying the bill. Then, the owner got a mysterious letter and cash
NEWS
Three men leave a restaurant without paying the bill. Then, the owner got a mysterious letter and cash
The incident took place on a busy Friday night and the staff failed to keep track of the group.
6 days ago