Scammers recently targeted Booking.com customers with phishing messages designed to steal their sensitive financial information.

According to The Sun, criminals sent out WhatsApp messages and text messages to customers claiming that a security breach had occurred and that recipients needed to change their passwords. The attack correspondence came with a link that, when clicked, gave bad actors access to bookings. These malefactors then followed up with a second message specifying that they needed customers’ banking information to process full payment in advance of the bookings.

Marketing manager David Watts of Newcastle received one of the attack messages, staing “It looked very believable and I can believe people fell for it.”

Booking.com told The Sun that it’s aware of these attack messages. It also clarified that it had not suffered a data breach and that attackers had likely compromised the systems of hotels with which it works on a separate portal. Those criminals, it said, made off with typical booking information like customers’ names, addresses, phone numbers, dates and prices of bookings and reference numbers. The attackers then used that information to send out phishing messages, which incorporated those pieces of information to enhance their appearance of legitimacy, it explained.

This isn’t the first time scammers have targeted Booking.com users. Back in November 2014, news emerged of phishers preying on thousands of users, some of whom fell for the phish and paid the attackers. Booking.com stated that it had not suffered a breach and that criminals had hacked as many as eight hotels, but a spokesperson for one of the affected hotels denied having suffered an incident and recommended that the travel e-commerce company “ensure their investigation is thorough and appropriate action is taken.”

No doubt phishers will continue to target the travel industry in an attempt to steal customers financial data. With that said, users should make an effort to familiarize themselves with some of the most common types of phishing attacks. This resource is a good place to start.

via:  tripwire