Scam & Holidays: if their scent stuns us, cyber criminals are partying

Security Awareness
19 July 2024
vacanze-2024-prenotare-online-e-in-sicurezza

Watch out for online booking scam

In front of the desk, at the end of a year’s work, imprisoned in clothes too buttoned up for summer temperatures, the mind a little clouded by fatigue, the thought of vacation, of freedom, of flip-flops, is irresistible.
Everything is ready for the long-awaited departure ceremony. Luggage prepared, pet arranged with neighbors, tickets bought, and lodging booked.

Finally, it’s off.

Upon our arrival at our chosen location, however, there is something that spoils our party beyond repair. The hosts, if it is an apartment, or the staff at the front desk, in the case of a hotel, look for our reservation but cannot find it. Yet we have already paid for the entire period of our stay.
After the initial astonishment we try to understand what happened and finally realize that, yes, it happened to us. We have been swindled.
Despite the correct booking procedure, money paid and payment confirmation received, there is no room for us.
We are bound to have to look for another one, at an added expense and perhaps making do with what we find or, in the worst case scenario, we have to go home with our tails between our legs because there are no more places available in our locality or because the budget needed becomes too high for our means. And maybe we had also jammed vacations with colleagues and thus have to wait until the next vacation season to enjoy the long-awaited vacation. In short, just a bad surprise.

We are talking about the scam that, by exploiting artificial intelligence, uses the name and logo of recognized brands, such as Booking or AirBnb, with the aim of stealing money and data from unwitting victims.

After all, criminals are always very attentive to network trends, and undoubtedly in the summertime online vacation booking is an activity that many now do independently from their private or even business devices. In short, season that comes con you find.

As explained by Booking, the scam, called spoofing, is a type of cyber attack that uses several strategies to falsify identity. Cyber criminals change phone numbers, emails or websites by copying the official pages exactly.
The scam begins with a message alerting the user to a possible cancellation of the reservation due to a declined payment. The victim is then asked to click on another site to proceed with the payment again. However, the site is fake, and the user falls into the trap: he is asked to enter his credit card information to make the payment again. Often, at that point, anxiety about booking takes over and people follow the directions of the new bogus site, thus paying money to the criminals.

Booking’s chief information security officer, Marnie Wilking, said scams have increased between 500 and 900 percent in the past 18 months.
Spoofing, which has existed since the beginning of email sending, has worsened with the advent of ChatGPT.
Cyber criminals trick users by pretending to be a hotel establishment or the owner of a rental house. According to Wilking, fraudsters definitely use artificial intelligence to conduct attacks and imitate official emails.

The Booking site lists some characteristics of phishing emails and that we should always be suspicious and restrain ourselves before making any online transactions.

Sense of urgency

Phishing e-mails tend to create a false sense of urgency, for example by threatening to suspend your account. In this regard, the platform warns that it will never make urgent requests without first sending a notice about it. So, if you receive an e-mail requesting urgent action, it is best to refrain from taking other actions online and contact Customer Support.

Errors

Bogus e-mails typically contain many spelling and grammatical errors or words written in a different language.
Finding out the real sender, however, is not difficult, just check the source address well. For example, Booking emails always come from an address ending with “booking.com,” regardless of the subdomain (such as esempio@sg.booking.com). A different address such as“support@booking-103266.com” is not from the official platform and is definitely dangerous.
Therefore, do not respond to such emails and report them as spam.

Always check links can help prevent cyber attacks. There are a few methods for checking links:

Place the mouse over the link (or touch and hold it in case of a mobile device) to check its true destination. If the link does not lead to an official address, do not open it.

There are also online tools and services designed to analyze and scan URLs for potential threats and malicious content (such as Virus Total).

In case you suspect that your computer has been infected with malware, it would be wise to perform a series of steps:

  • Reset your e-mail account password and then your reservation site password.
  • Scan your devicewith an updated system for malware detection.
    Not all phishing attacks are aimed at obtaining a password: some may contain malicious software embedded in a “file,” which may be malware, spyware, ransomware, or viruses. Scanning the device is very important if we think we have clicked on a malicious link or downloaded unrecognized files.
  • Report the suspected or actual phishing attack to the platform, within 24 hours, remembering to include all necessary details, such as a copy of the suspicious e-mail received and report any unrecognized activity in the personal account.

Protecting yourself is possible

In general, protecting yourself from the cancelled reservation scam is possible, as long as you are always very careful when making transactions and, especially, payments online.

The first step to protect yourself is to never click on suspicious links within the messages you receive, particularly if they invite you to redo a payment you have already made. In the presence of online addresses (the so-called “url”) that do not convince, it is always to contact the operator of the site directly and ask for more explanation.

If a property asks for payment outside the terms agreed upon at the time of booking or if you receive a poorly worded e-mail asking for personal information to be shared, it is best to contact customer service or the property directly to verify the legitimacy of the message. Platforms such as Booking.com provide 24-hour customer service for any customer inquiries.

Control and suspicion in some cases is never too much. Even in the face of a tempting offer, it is better not to make hasty choices that you will regret. Best to check the reviews of the facility and the URL of the website you are booking on to make sure both are legitimate.

Criminals often take advantage of our distraction, fatigue, emotionality and vulnerability.
Certainly the great desire to book a vacation intoxicates and stuns us a bit by making us pay less attention to our online gestures. A crack into which pirates dive with great cunning.

To enjoy our well-deserved vacation without nasty surprises, we need to keep our attention high, always be aware of the actions we take online, and not be distracted by fatigue or easy enthusiasm, especially if what we do requires paying money or sharing sensitive data.
A presence and awareness that can be built and exercised through quality continuing education courses that also include hands-on exercises and simulations of everything that can happen while surfing the Web.

Related Articles