Global booking scam campaign
According to security researchers at Netcraft - an Internet services company based in London (UK), a global fraud campaign has just been discovered, directly targeting people who are planning to travel or preparing to book a hotel room. A common form is sending fake booking confirmation emails that impersonate familiar brands such as Airbnb, Booking.com, Expedia or Agoda, with the goal of stealing personal information and payment card data.

The emails are professionally designed, copying the logo, layout and language of official emails. They often create time pressure, requiring recipients to confirm bookings within 24 hours to avoid cancellation, which makes recipients more likely to act without checking the source of the message.
Links in the emails route users through many intermediary steps, which hides the fake pages and makes the scam difficult to detect.
According to Which, every day hackers register hundreds of new domain names to serve the campaign. These domain names often have similar structures, containing words such as confirmation, booking, guestverify or reservation, or combining the names of well-known luxury and boutique hotels with random numbers to appear more credible.
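The naming pattern described above can be turned into a simple triage rule for links found in incoming email. The following is an added example, not code from Netcraft or Which: the scoring weights, the threshold, the function names and the list of official domains are assumptions, and the sample links are constructed.

```python
import re
from urllib.parse import urlsplit

# Keywords the article lists as typical of the campaign's domain names.
CAMPAIGN_KEYWORDS = ("confirmation", "booking", "guestverify", "reservation")
# Assumption: official registrable domains of the brands named in the article.
OFFICIAL_DOMAINS = {"airbnb.com", "booking.com", "expedia.com", "agoda.com"}
# Brand strings that should only ever appear on the official domains above.
BRAND_TOKENS = ("airbnb", "booking.com", "expedia", "agoda")
DIGIT_RUN = re.compile(r"\d{3,}")  # "random numbers" appended to the name


def registrable_domain(host):
    """Naive last-two-labels guess; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def score_host(host):
    """Return (score, reasons) for a hostname; higher means more campaign-like."""
    host = host.lower().rstrip(".")
    if registrable_domain(host) in OFFICIAL_DOMAINS:
        return 0, ["official brand domain"]
    score, reasons = 0, []
    for kw in CAMPAIGN_KEYWORDS:
        if kw in host:
            score += 1
            reasons.append(f"keyword '{kw}'")
    for brand in BRAND_TOKENS:
        if brand in host:
            score += 2
            reasons.append(f"brand '{brand}' on a non-official domain")
    if DIGIT_RUN.search(host):
        score += 1
        reasons.append("run of digits in the name")
    return score, reasons


def is_suspicious(url, threshold=3):
    """Score the hostname of a link taken from an email (threshold is an assumption)."""
    host = urlsplit(url).hostname or ""
    return score_host(host)[0] >= threshold


# Constructed sample links, not indicators from the real campaign.
SAMPLES = [
    "https://www.booking.com/myreservations",
    "https://guestverify-reservation-48213.example/confirm",
    "https://booking.com.guestverify-2291.example/",
    "https://grandhotel-booking.example/rooms",
]
```

A single keyword such as "booking" is not enough to flag a host, so an ordinary hotel site stays below the threshold; hotel-name matching is left out because the article does not list the names used.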
At the end, the victim is led to a fake booking confirmation page with a near-perfect interface, displaying the logos of major travel brands and a fake "cloudflare CAPTCHA security" layer.
Although it looks real, this CAPTCHA has no authentication function and only aims to create a sense of safety. After that, users are required to enter full payment card information, including the cardholder's name, card number, CVV code and expiration date. The system also checks the card number format to ensure validity before secretly activating fraudulent transactions.
The scam site also integrates an automatic customer support chat window that instructs users to confirm SMS messages from their bank. In fact, those messages are the bank's warnings about unusual transactions.
Netcraft said the system supports up to 43 languages and can automatically change logos and interfaces for each victim, enabling attacks on a global scale.
Vietnamese accommodation establishments caught in scams
In Vietnam, the Vietnam National Administration of Tourism has also issued a warning about another scam campaign called ClickFix, which directly targets hotels, homestays, resorts and other accommodation establishments. The main form of attack is fake email that appears to come from popular booking platforms such as Booking.com, Expedia... with familiar subject lines such as "Referment confirmation", "Customer complaints", "Payment update" or "Booking cancellation".
These emails often carry links or Excel files that pose as invoices or booking information and contain malicious code. Simply clicking the link or opening the file activates the malware, allowing hackers to take control of the device, steal data, track activity and even penetrate deep into the internal systems of the accommodation facility.
According to research by Bkav experts, ClickFix uses PureRAT - a remotely controlled malware that allows attackers to track users, steal accounts and expand the scope of attacks over a long period of time.
Notably, this campaign shows signs of operating under the Attack-as-a-Service model, which allows many actors to buy tools and deploy attacks without high technical expertise, significantly increasing the level of risk.
The Vietnam National Administration of Tourism stated that with tens of thousands of accommodation establishments operating on online booking platforms, the risk of being attacked is increasing, especially in the context that many reception and booking departments are not fully equipped with knowledge and procedures on cyber security.

In that context, many fake fanpages have taken advantage of the images and service information of official fanpages to deceive customers into booking services.
Ms. Nguyen Thi Thanh Binh, Deputy General Manager of Serena Resort Kim Boi, said that many fake fanpages have illegally used images and service information of official fanpages to deceive customers into booking services. The resort has recorded nearly 10 cases of customers being scammed, with the loss amounting to nearly 20 million VND per person.
"Fake fanpages copy and post information about services from the official fanpage to cause confusion, attract interested customers and request service bookings. After that, the subject asks the customer to transfer money and appropriates the property," said Ms. Thanh Binh.
When customers message the fake fanpage, the person replying impersonates the resort's receptionist and requests payment. After the customer has transferred the money and been told to have the correct transfer content, they are instructed to follow steps to "get their money back", through which the hackers continue to appropriate more assets.
In addition, in recent years, there have been scams involving "transferring packages and tours" on social networking platforms such as Facebook, Zalo, TikTok and Instagram.
The perpetrators often impersonate customers who have booked tours with reputable companies and post listings that they say must be sold urgently at prices 30 - 50% lower than the market, along with fake invoices, tour images and "virtual" feedback to create trust.
After an initial stage of small transactions to gain trust, they trick the victim into buying higher-value packages, then appropriate the money and cut off contact.
According to Lao Dong, similar scams often appear during holidays or peak seasons - times when the number of tourists increases every year. Although these tricks are no longer new, the gullibility and lack of understanding of customers still make them easy victims.

Mr. Bui Thanh Tu, Marketing Director of BestPrice Travel, said that scams are not only aimed at cruise ships but also appear in many other services such as air tickets, hotel rooms or tours. What these cases often have in common is the offer of attractive prices to lure customers. In addition, there are some other signs that differ depending on the incident.
For tourists who book a combo for the first time and do not have a clear understanding of market prices, priority should be given to choosing reputable companies that have long-standing operations, legal status, clear addresses, official websites and recognized awards or certificates.
Currently, many leading travel companies such as Vietravel, Saigontourist, Hanoitourist, Hanoi Redtour or BestPrice Travel all have room inventory and air tickets at preferential prices in the summer.
Visitors should also note that electronic invoices can be forged. If a company sends an electronic invoice but the email address is personal, be careful.
If customers have made a deposit but are instructed to transfer money in the wrong content and follow the steps to receive the money back, it is almost certainly a scam. In this situation, tourists need to stop and not continue the transaction to avoid losing more money.
Recommendations for tourists and service businesses
In the face of online fraud, security experts recommend that accommodation establishments and users be vigilant, carefully check the sender's email address, and not open links or attachments of unknown origin. Booking platforms should be accessed directly through the application or the official homepage.
Accommodation establishments should deploy email monitoring, endpoint antivirus software and in-depth anti-malware solutions, because the default protection tools provide only basic protection, which is not enough to deal with modern malware that can stay hidden for a long time.
The Ministry of Public Security also recommends that people do not install strange applications on devices with bank account links, do not publicly disclose personal information on social networks, do not scan QR codes or access links without verifying their clear origin, and absolutely do not provide account information, OTP or CVV to anyone.