Hotels.com customers targeted by phishing scam

Unknown number of victims receive fraudulent emails

26 Jun 2015

.polaris__post-meta--date { display: none; } .polaris__post-meta--date.no-script { display: block; padding-left: 45px } 26 Jun 2015

Some goldfish being lured by fishing hooks

Shutterstock

Hotels.com customers have been caught up in a phishing scam using fraudulent emails masquerading as legitimate messages regarding their bookings.

Part of Expedia group, Hotels.com allows customers to search for and book rooms at hotels across the country online or by phone.

The details of the scam are currently unclear, other than the fact it relies on duping the user into believing they have received a genuine email from Hotels.com or the hotel they booked with.

It is also not clear how the perpetrator or perpetrators got hold of the details of the victims, as this does not seem to be a random, scattergun phishing attack.

In a statement, Eva Heller, a spokesperson for the Hotels.com brand, said: "We have investigated this phishing incident thoroughly, and impacted customers are being or have already been notified and advised of any appropriate action they may need to take.

"Additionally, we are working closely with our hotel partners to educate on the sensitivity and importance of these type of fraudulent activities. Our security team continually works to address situations such as this and is always focused on making sure our sites are as secure as possible.

"We sincerely apologise for any inconvenience this incident may have caused."

However, Wieland Alge, VP and GM EMEA at Barracuda Networks said that this apparent breach shows the difficulties faced by companies balancing usability with security.

"The internet platforms put a lot of effort into the ease of use of their services," he said. "The quicker I can book my hotel the better my user experience is. Platforms with very diligent authentication and security information often appear heavyweight and not state-of-the-art. The downside of this is that it is also quite simple for villains to exploit the customer's wish for simplicity."

He added: "More than ever, businesses and consumers need to put significant effort into learning how to recognise the traits of a phishing attack.#

"As well as putting security systems in place, businesses, employees and consumers alike need to remain vigilant and question any unexpected email, with links or attachments that arrives in their inbox."

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1657195741/itpro/Whitepaper%20covers/State_of_Salesforce_2022.png { display: none !important; }

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1657196714/itpro/Whitepaper%20covers/SAP_Migration_to_the_cloud.png { display: none !important; }

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1643881871/itpro/Whitepaper%20covers/Business_value_modernising_mainframe_thumb.png { display: none !important; }

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

.imgHideOnJavaScriptDisabled_https://media.itpro.co.uk//image/upload/f_auto,t_resource-card-mobile@1/v1657121008/itpro/Whitepaper%20covers/The_Total_Economic_Impact_Of_IBM_FlashSystem.jpg { display: none !important; }

Free Download