Fakes and Frauds: Welcome to our Bogus Hotel!

Cyber-criminals have prepared some dirty tricks for tourists looking for a room over the holidays. And it’s not the same old reception RATs, banking Trojans, wrong hotel transactions and social media baits. Now, they’ve created their own fake hotels and are awaiting unwary guests.

Not only malware, phishing and spam keep the Bitdefender Labs busy. Before and during the holidays, our antivirus specialists have a lot of work with fraudulent websites and they keep a close eye on fake hotels, whose number increases right before Christmas.

The most recent example is that of a bogus London hotel that tries to copy the name of a well-known brand. The Sheraton Skyline Heathrow lures tourists with incredible offers – “just minutes away from Heathrow terminals and benefitting from the airport’s quick and easy access into Central London.” Other fake hotels tempt users with “an excellent cuisine specializing in a variety of fresh seafood and locally sourced meat complemented by an excellent wine list.”

While the authentic website of the London hotel is http://www.sheratonskyline.com/, the fake one “borrow” the name of the genuine hotel with minimal changes, to make users believe it is part of the company: “http://sheraton-skylinehotel.com/.”

This is one difference between fraud and phishing. Whereas phishing reproduces almost the exact content of an authentic institution such as a bank or a payment service, usually on a hacked domain, fraud is created from scratch, and the domain is bought for a longer period of time.

Also, while phishing is promoted through spam campaigns and social media scams, frauds are kept “secret,” as cyber-criminals don’t want their websites rapidly taken down by authorities.

Hotel fraud is usually backed up by job scams, tempting innocent users (mostly young immigrants) with the exciting offer of working abroad. Through the career section, fake hotels actually recruit “mules” for money laundering.

Hotel fraud, like any other fraud, may also come combined with social engineering tricks. For instance, an “authentic” job hunter may see who’s looking for a job or a holiday abroad, creating profiles from personal data people spread on recruitment and social media websites, then convince them by e-mail or instant messaging of his good intentions. After gaining their trust, scammers send the bait out in the wild and let users enter the bogus hotel website.

The purpose of the scam is to steal money, but victims also risk losing their identities. Scammers may ask victims for an advance fee for the room offer or the career opportunity.

Here’s how a hotel fraud may look like:

When searching for a job or a holiday room, users should look for more information about the hotel website. They can type the name of the hotel, followed by words such as “scam” or “fraud” in the search engine. They might be surprised at what comes up from users already tricked. This might not help with a recently created fraud, so tools such as WHOIS will be more helpful. If the website was created from a private e-mail address such as [email protected] or [email protected], it’s most certainly a scam. Almost 85 per cent of fake hotels are registered for just a year, which can also be a sign for scam detectives out there.

Also, “UK global redirecting” numbers that start with +4470 are a major warning of a scam. Though the country code “€+44″ may look like a British number, the 70 prefix means the phone call will be redirecting to a forwarding number which can be in any country but the UK.

Installing and updating antivirus software not only protects users from the latest malware threats but also from this type of niche fraud as a message pops-up and warns users it’s a fake.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

This article is based on the technical information provided courtesy of Alin Damian, Bitdefender Online Threats Researcher.