New Booking.com Scam Targeting Hotel Accounts and Travelers

Cybercriminals are exploiting hacked hotel accounts on Booking.com to steal travelers’ reservation data (names, dates, payment details) and impersonate legitimate entities. Victims receive fraudulent messages via the app or email, urging them to “reconfirm” payments or banking details.

Why It’s Dangerous:

  • Attackers leverage genuine booking contexts to bypass suspicion.
  • No generic spam—scams mimic real transactional workflows.

Protection Steps:

  1. Never pay via unsolicited links, even if they appear to be from Booking.com.
  2. Verify requests by contacting the hotel or Booking.com’s official support directly.
  3. Enable bank transaction alerts for real-time fraud detection.

You Should Know: Practical Cybersecurity Measures

1. Detect Phishing Attempts

  • Linux/Mac: Use `curl` to inspect a URL's response headers without opening it in a browser:
    curl -sI "URL_HERE" | grep -iE "location|server"
    
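  • Windows: Inspect the response status and headers via PowerShell (this shows where the URL leads; it is not a reputation lookup):
    Invoke-WebRequest -Uri "URL_HERE" -Method Head -UseBasicParsing | Select-Object StatusCode, Headers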
    

2. Secure Your Accounts

  • Enable MFA (Multi-Factor Authentication) universally:
    Linux: Generate OTP codes via oathtool
    oathtool --totp -b "YOUR_SECRET_KEY"
    
  • Booking.com Partners: Enforce MFA on partner portals (reference: Booking.com Trust & Safety).

3. Monitor Network Traffic

  • Linux: Use `tcpdump` to sniff suspicious outbound connections:
    sudo tcpdump -i eth0 'port 443' -w booking_traffic.pcap
    
  • Windows: Analyze with `Wireshark` or Microsoft Message Analyzer.

4. Validate SSL/TLS Certificates

  • OpenSSL Command:
    openssl s_client -connect booking.com:443 -servername booking.com </dev/null 2>/dev/null | openssl x509 -noout -dates
    

5. Automate Scam Alerts

  • Python Script to scan emails for phishing keywords:
    import re

    def detect_scam(email_text):
        # Flag text containing common scam pressure words or the brand name
        scams = re.compile(r'urgent|payment|confirm|booking\.com', re.IGNORECASE)
        return bool(scams.search(email_text))
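
Keyword matching alone also fires on genuine booking emails, so this added example (not code from the original post) additionally checks which host each link really points to. It assumes booking.com and its subdomains are the only official hosts; `triage`, `link_host` and the sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "booking.com"  # assumption: only this domain and its subdomains are official
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
PRESSURE_RE = re.compile(r"\b(urgent|reconfirm|confirm|payment|bank(?:ing)? details)\b", re.IGNORECASE)

def link_host(url):
    """Hostname the browser would actually contact (ignores any user@ prefix)."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return ""

def is_official(host):
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def triage(email_text):
    """Classify a message as 'suspicious', 'review' or 'ok' and say why."""
    lookalike, offsite = [], []
    for url in URL_RE.findall(email_text):
        host = link_host(url)
        if is_official(host):
            continue
        # Brand name in a URL whose real host is not official: lookalike link.
        (lookalike if "booking" in url.lower() else offsite).append(host)
    pressure = sorted({m.group(1).lower() for m in PRESSURE_RE.finditer(email_text)})
    if lookalike or (offsite and pressure):
        verdict = "suspicious"
    elif offsite or pressure:
        verdict = "review"
    else:
        verdict = "ok"
    return {"verdict": verdict, "lookalike": lookalike, "offsite": offsite, "pressure": pressure}

# Constructed sample messages (not real scam data; .example hosts are reserved).
SAMPLES = {
    "subdomain_trick": "Urgent: reconfirm your payment at https://booking.com.guest-verify.example/pay",
    "userinfo_trick": "Please confirm your card: https://booking.com@pay-portal.example/r/123",
    "genuine_link": "Your stay is booked. Manage it at https://secure.booking.com/mybooking.html",
    "offsite_no_pressure": "Hotel map: https://maps.example/hotel-42",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, triage(body))
```

A "review" or "ok" verdict is not a clearance: messages sent from a hijacked hotel account inside the genuine app can contain no lookalike link at all, so payment requests still need out-of-band verification.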
    

What Undercode Say

This attack underscores social engineering risks in travel platforms. Cyber hygiene—like MFA and URL validation—is critical. For IT admins:
  • Block known-malicious IP addresses at the firewall:
    iptables -A OUTPUT -d "MALICIOUS_IP" -j DROP

  • Educate users via simulated phishing tests (tools like GoPhish).

Expected Output: A secure, aware user base and hardened systems against booking-related fraud.

Source: Clubic

References:

Reported By: Jeremychieppa Vous – Hackers Feeds