But the systems of the service itself remain intact.
According to the latest report from cybersecurity company Panda Security, customers of the famous online booking service Booking.com are increasingly facing attacks from scammers. Criminals have developed a sophisticated scheme aimed at stealing data and money.
“Although the agency's own systems and networks were not compromised, many clients were impacted by security weaknesses at partner hotels,” the researchers said.
The attack begins with a call to hotels with which the service cooperates. The attackers ask reception staff to help them find something lost or forgotten in one of the rooms, and then send an email with a link to Google Drive files. The disk allegedly contains photographs of lost items. In fact, these files are infected with the Vidar virus, which steals Booking.com login information from the system.
Through the online booking service, scammers approach real customers and convince them to pay fictitious fees by directing them to fake payment pages or asking for credit card information over the phone.
Experts warn that Booking.com credentials are already being circulated on dark markets, where they can fetch up to $2,000 per account. This indicates the high effectiveness and danger of the new scheme. The company advises travelers not to trust requests for additional payments and to contact the hotel directly for confirmation.
Another red flag for customers is when they are asked to provide payment information over the phone or via instant messaging,” Panda adds in its report. “Legitimate transactions must be carried out through online portals. Plus, it’s unlikely that a real hotel will ask you to share personal information over the phone or in a messaging app.”
According to the latest report from cybersecurity company Panda Security, customers of the famous online booking service Booking.com are increasingly facing attacks from scammers. Criminals have developed a sophisticated scheme aimed at stealing data and money.
“Although the agency's own systems and networks were not compromised, many clients were impacted by security weaknesses at partner hotels,” the researchers said.
The attack begins with a call to hotels with which the service cooperates. The attackers ask reception staff to help them find something lost or forgotten in one of the rooms, and then send an email with a link to Google Drive files. The disk allegedly contains photographs of lost items. In fact, these files are infected with the Vidar virus, which steals Booking.com login information from the system.
Through the online booking service, scammers approach real customers and convince them to pay fictitious fees by directing them to fake payment pages or asking for credit card information over the phone.
Experts warn that Booking.com credentials are already being circulated on dark markets, where they can fetch up to $2,000 per account. This indicates the high effectiveness and danger of the new scheme. The company advises travelers not to trust requests for additional payments and to contact the hotel directly for confirmation.
Another red flag for customers is when they are asked to provide payment information over the phone or via instant messaging,” Panda adds in its report. “Legitimate transactions must be carried out through online portals. Plus, it’s unlikely that a real hotel will ask you to share personal information over the phone or in a messaging app.”