Phishing Scam Affects Travelers Using Hotels.com

A phishing scheme has made victims of an undisclosed number of travelers using Hotels.com. According to an email sent to travelers by the company, scammers allegedly approached customers while pretending to represent Hotels.com or the actual hotel where the booking was made. The approach was made through means of phony emails and SMS messages, according to a report in Threatpost.

“We are aware of a scenario involving fraudulent communications to a proportion of consumers who have booked on our site from an individual claiming to represent our organization or the hotel at which they have booked a room,” wrote Ingrid Belobradic, the consumer and corporate PR Manager at Expedia, Hotels.com’s parent company.

The compromise

Some of the details that customers were tricked into giving included:

  • Names
  • Phone numbers
  • Email addresses
  • Travel bookings and itineraries.

The notice via the email assured customers that credit card information wasn’t compromised however.

Further reminders and warnings were included to users, urging them to exercise caution when clicking on links offered in the SMSs and emails sent by the scammer.

Belobradic added that the affected customers are being looked into, saying: “We have investigated this phishing incident thoroughly, and impacted customers are being or have been notified and advised of any appropriate action they may need to take.”

Preventative measures

The website is encouraging users who have been tricked into revealing payment information to contact their banks for additional guidance on safeguarding their payment details.

In bringing in an enhanced security measure, Hotels.com has introduced and implemented a multi-factor authentication tool with immediate effect. This brings increased security and is applicable among all its hotel partners. To help avoid and prevent future incidents involving fraud, various ‘education mechanics’ were distributed among its hotel partners this week, according to Belobradic.

Travelers. Targets

Unsuspecting and often distracted travelers who have their guard down are a consistent target for hackers and scammers.

A similar incident occurred last year with Booking.com, where travelers were tricked into actually giving money to scammers who falsely represented themselves as the website and company’s employees. At the time, Booking.com claimed that customer details were obtained by criminals by sending messages to hotel staff, asking to gather the guests’ details.

A decade ago, nearly 243,000 customers of Hotels.com were notified to keep an eye on their personal data after an auditor from Ernst & Young had a laptop stolen from his car. The laptop contained data that included credit card information, names and addresses of customers who booked hotel stays via Hotels.com in 2004.

Details around the current phishing incident are currently slim. Stay tuned for more updates.