Booking.com has been down this road before, but reports are circulating once again that the travel booking site has recently become the target of a sophisticated phishing scam. One that could make anyone using the site for their holiday travel plans more than just a wee bit nervous.
Customers have reported suspicious emails and messages showing up in their in-boxes from what appeared to be Booking.com. The messages request advance payment for the things they booked like flights and hotels. The messages had some added legitimacy, too, because they contained the customers’ booking references and other details.
Sophistication now rules the roost
Researchers at cybersecurity company Perception-Point – which first detected the scam – echo that legitimacy sentiment, saying that it’s a prime example of the lengths threat actors will go to for a payday. KCAL’s On Your Side reporter Kristine Lazar broke down how this scam works…
How to protect yourself in today's new scam world
As you can tell, we’ve been thrown into a whole new world of scamming. And as phishing scams continue to evolve, it’s important we have to evolve, too.
Peleg Cabra, a product marketing manager at Perception-Point, says that based on the Booking.com scam, he suggests the first thing anyone who gets an email from any company should do is double-check the URLs the message wants the target to click and visit.
“Always scrutinize URLs to ensure they align with the legitimate website,” Cabra noted. “Look for subtle misspellings or unfamiliar domain extensions. Look for suspicious links on pages that don’t function properly or lead to broken pages.” One way to do that is using Google’s “safe browsing” checker.
The suggestion that you regularly monitor your accounts for signs of odd or unauthorized transactions isn’t new, but what is new is the fact that scammers are taking smaller chunks out of peoples’ bank accounts, and then repeating the process.
As Eva Velasquez of the ITRC recently shared with ConsumerAffairs, many of us have our bank/credit card notifications set too high. Most people set it to $100 thinking that’s what fraudsters are going to try and hit us for at a minimum, but Velasquez told ConsumerAffairs that cybercrooks these days float a small – like $10 – transaction first.
Then, if that goes through, the scammers keep on dinging the accounts in small increments to stay under the radar. Setting yours at $1 may seem unnecessary and you may get several notifications a day, but at least you’ll be on top of what’s going on – and feel a lot more secure.
The National Security Agency recently noted that scammers are now going deeper into messaging in places that we haven’t had to worry about before. The agency recommends that consumers pay particular attention to messages that come through platforms such as Slack, Teams, Signal, WhatsApp, iMessage, and Facebook Messenger.
These attacks can lead users to divulge their login credentials or click on malicious hyperlinks or attachments that execute malware, so if you don’t recognize someone, think twice before responding.