Hackers Target Hotel Booking Systems with Fake Payment Scams

Severity: Medium (Score: 48.9)

Sources: Cybersecuritynews, Gbhackers

Summary

Hackers are exploiting hotel booking workflows to send fake payment requests to unsuspecting guests. This fraud scheme utilizes real reservation data, such as hotel names and stay dates, to create convincing messages that trick travelers into providing their payment details. The attacks often begin with simple communications, such as WhatsApp messages, which appear legitimate. Victims are primarily travelers who have made hotel reservations, and many are caught off guard by the authenticity of the messages. The scope of the impact is global, affecting hotels and guests alike. As of now, the exact number of victims and financial losses is not disclosed, but the scheme is rapidly growing in prevalence. Security experts warn that this type of social engineering is becoming increasingly sophisticated, making it difficult for individuals to discern legitimate communications from scams. Key Points: • Hackers are using real reservation data to send convincing fake payment requests. • Victims are primarily travelers, targeted through platforms like WhatsApp. • The scam is rapidly growing, indicating a significant rise in social engineering attacks.

Key Entities

• Phishing (attack_type)
• T1566.003 - Spearphishing Via Service (mitre_attack)
• T1566 - Phishing (mitre_attack)
• WhatsApp (platform)