_sleepyfellow_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![watchOS 26 May Bring Third-Party Widgets to Control Center [Report]](https://www.iclarified.com/images/news/97520/97520/97520-640.jpg)
![AirPods Pro 2 On Sale for $169 — Save $80! [Deal]](https://www.iclarified.com/images/news/97526/97526/97526-640.jpg)
_Michael_Vi_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![[The AI Show Episode 151]: Anthropic CEO: AI Will Destroy 50% of Entry-Level Jobs, Veo 3’s Scary Lifelike Videos, Meta Aims to Fully Automate Ads & Perplexity’s Burning Cash](https://www.marketingaiinstitute.com/hubfs/ep%20151%20cover.png)
![From electrical engineering student to CTO with Hitesh Choudhary [Podcast #175]](https://cdn.hashnode.com/res/hashnode/image/upload/v1749158756824/3996a2ad-53e5-4a8f-ab97-2c77a6f66ba3.png?#)
![[FREE EBOOKS] Solutions Architect’s Handbook, Continuous Testing, Quality, Security, and Feedback & Four More Best Selling Titles](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
Booking.com reservation abused as cybercriminals steal from travelers
Cybercriminals are abusing the hospitality industry and its booking platforms to defraud the travelers that visit them
Robert Woodford, a recruitment marketing specialist, recently shared on LinkedIn how he fell victim to a highly sophisticated scam while booking a hotel in Verona through Booking.com, providing a striking example of how attacks on the hospitality industry affect travelers.
After completing a legitimate booking—and trading some communications with the hotel—Woodford received a separate message that he believed came from the official Booking.com messaging system. This message requested “missing details” and a prepayment.
But to be safe, Woodford logged into Booking.com directly rather than clicking any links. There, he found the same message in the same thread as his earlier communications with the hotel. The payment link also looked official, as it contained “bookingcom” in the URL. Woodford didn’t realize until after making the payment that the merchant’s name was incorrect and the payment was fraudulent.
Woodford’s story falls in line with a blog I wrote a few months ago about how phishers use fake CAPTCHAs to trick hotel staff into downloading malware. It also demonstrates how travelers can be deceived by increasingly sophisticated cybercriminals exploiting real booking data and trusted platforms.
The Swiss National Cyber Security Centre (NCSC) reported similar attacks where hotel staff were tricked into installing malware through fake CAPTCHAs and malicious clipboard commands. These infections compromise hotel booking systems, allowing attackers to manipulate guest communications and payments.
To be clear, these types of online scams are so effective because the hotel itself has been compromised, and travelers log into official, verified websites and services only to receive malicious messages from cybercriminals who are secretly in control. These aren’t fake websites—these are fake representatives for real hotels using the hotels’ own messaging platforms to speak with customers.
Once the criminals infect the booking system, they can access guest data, and payment information, enabling them to impersonate hotels and reach guests directly.
Adding to this picture is a warning from Arcona Hotels & Resorts who discovered “technical irregularities” and disconnected several locations from the central IT services as a precautionary measure to limit potential damage. ResponseOne GmbH, a company specializing in IT forensics, was brought in to conduct a technical analysis and manage the situation.
Arcona Hotels & Resorts is a German-based company specializing in operating and developing hotels, particularly focusing on leisure and holiday hotels, boutique hotels, and 5-star properties. While we have no direct information about what happened there, the timing and nature of their advisory suggest that this incident might be part of a wider campaign targeting the hospitality industry’s digital infrastructure.
Advice for travelers
Cybercriminals are no longer just targeting guests. They are infiltrating hospitality systems themselves, turning trusted platforms into vectors for fraud.
Robert lost a few hundred quid and the trust in his bank, the travel platform he used, and a bit of trust in his own judgement. While Robert was vigilant and still became a victim, there are some tips to keep in mind:
- Always access booking platforms by typing URLs directly into your browser rather than clicking links in emails or messages.
- Verify any payment requests by contacting the hotel or booking platform through official channels. You can also call the hotel directly.
- Be suspicious of urgent payment demands or requests for unusual payment methods.
- Use credit cards for bookings where possible, or other options that provide fraud protection.
- Report suspicious messages to the booking platform immediately.
- Use browser protection against scams, credit card skimmers, and other malicious sites.
Be aware of the fact that the systems you trust might be compromised. Vigilance and proactive security measures are essential for both travelers and hotels to mitigate these risks.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
