Microsoft has recently published a blog about a phishing scam that targets hotel and accommodation owners using Booking.com. This isn’t the first time that scammers have gone after Booking.com. In Malaysia, for instance, people have shared their experiences of being fooled into making a reservation for a non-existent property.
This time, the scammers are focusing on hotel and accommodation owners. They receive an email that looks like it’s from Booking.com, stating that a guest left a bad review (or other scenarios). The email urges them to take action, such as trying to challenge the bad review or contacting the guest. They are then asked to verify their login and even complete a CAPTCHA, which makes them feel confident that it’s a genuine request.
After a series of steps, the system is compromised and the cybercriminal gains access to logins and financial information.
Microsoft recommends several steps for accommodation providers (and consumers) to protect themselves from phishing scams:
- Verify the Sender’s Email:Â Check if the email address is legitimate by hovering over it. Legitimate organisations do not ask for personal or financial information via unsolicited emails or calls.
- Contact the Service Provider:Â If you receive a suspicious email, contact the service provider using the official contact forms on their website.
- Be Cautious of Urgent Requests:Â Be wary of emails urging you to click, call, or open attachments immediately. Scams often create a false sense of urgency to trick you.
- Hover Over Links:Â Check the full URL by hovering over links. Malicious links can download malware onto your device. It’s safer to search for the company website directly in your browser.
- Look for Typos:Â Phishing emails often contain typos or subtle misspellings of legitimate domains (e.g., micros0ft[.]com or rnicrosoft[.]com). These can indicate a scam.