There has been a concerning rise in unauthorized individuals compromising the security of popular hotel booking websites like Booking.com/Agoda and similar platforms. The infiltration methods employed by these malicious actors are diverse, ranging from educated guessing to acquiring leaked user credentials of hotel owners from the darkweb. One notable aspect is the theft of hotel owners' user credentials.
Upon obtaining these credentials, usually comprising a username and password, hackers initiate communication through the hotel booking platform's chat function, targeting individuals with existing bookings—referred to here as victims. The manipulation involves convincing victims to verify their credit card, debit card, or bank card details by redirecting them to a fraudulent site cleverly designed to mimic the authentic booking platform. From the victim's perspective, the messages within the platform's chat may appear entirely genuine. It makes it even more difficult to discern the scam given that the scammers have info of the name of the victim, phone number and date of reservations.
There's another variation apparently whereby instead of using the booking platform chat features, the scammers will send the victim messages through instant messengers like Whatsapp to tell the victim that their has been declined and ask the victim to make payment outside of the hotel booking website.
Once the unsuspecting victim enters their card details on the deceptive site, hackers gain access to sensitive information, paving the way for malicious activities such as unauthorized purchases, including game credits or online courses. It's essential to note that insider threats (insider job), such as hacking by hotel personnel, cannot be ruled out.
Therefore, exercising utmost caution and verifying messages directly within the hotel booking website becomes crucial. While antivirus software can often provide alerts when redirected to an external site, it's imperative to acknowledge that some instances may go undetected through traditional antivirus checks. Staying vigilant and adopting additional verification measures can play a pivotal role in safeguarding personal and financial information in the realm of online hotel bookings.