Customers of hotels and guest houses listed on Booking.com were the target of a recent phishing scam launched by cybercriminals to steal user information, writes The Sun. Users first received WhatsApp and text messages instructing them to change their passwords because they had allegedly fallen victim to a security breach. Once they clicked on the link, hackers immediately sent phishing emails asking them to send payment details for their bookings.
The content of the emails was very well-written and detailed enough to trick users into believing they had received a legitimate email about their holiday accommodation. Hackers included names, addresses, phone numbers, costs, reference numbers and booking dates.
According to some reports, the data on the customers may have in fact been stolen following a breach on hotels operating on Booking.com.
The company claims not many properties were affected and there was no prejudice on their systems.
A Booking.com spokesperson said in a statement for The Independent:
“Security and the protection of our partner and customer data is a top priority at Booking.com. Not only do we handle all personal data in line with the highest technical standards, but we are continuously innovating our processes and systems to ensure robust security on our platform.
“In this case, there has been no compromise on Booking.com systems. A small number of properties have been targeted by phishing emails sent by cyber criminals and by clicking on those emails, the properties compromised their accounts. All potentially impacted guests have been notified and because we value our customers at Booking.com, we are supporting impacted guests to compensate for any losses incurred, and reclaim these from the property.
“If customers have any questions regarding their reservation or to report losses, they can contact our customer service team.”