clients prone to cyber fraud, warns analyst

One of the world’s largest online travel agencies says its customers are being increasingly targeted by scammers, according to a cybersecurity firm.

Though claims its systems are safe, it has been flooded with complaints from customers who have fallen foul of third-party cyberattacks, says Panda Security.

The disclosure was made on December 1st by the WatchGuard-owned cybersecurity company, which believes’s woes stem from third-party attacks that have been growing apace over the past six months.

“Even though the systems and networks of the agency itself are not compromised, many customers have been scammed by online criminals targeting the website’s partner hotels,” said Panda.

It added: “The bad actors have found a way to steal login credentials [that] they use to approach customers [while] pretending to be hotel staff.”

Playing both sides

Crooks typically target hotels by first calling up reception and pretending to be a guest who has lost a valuable item, said Panda.

“The criminal on the phone then follows up with the hotel receptionist by sending an email with a link to a file stored on Google Drive,” it added.

But instead of containing a picture of the ‘lost item’ as the fraudsters claim, the file contains Vidar infostealer malware that filches login data from the hotel’s system.

From there, it’s a short trip to logging into using the stolen credentials, allowing the scammers to approach real guests, this time pretending to be staff, and asking them to pay bogus fees.

“Instead of sending the victims to or an actual hotel website to process the payment, the hackers forward the victim to a spoofed website or take credit card details over the phone,” said Panda.

Because the messages are sent from legitimate hotel email accounts, victims do not even realize that they’ve been scammed.

Brisk trade for dark web thieves

Panda adds that cybersecurity analysts have spotted login credentials selling for $2,000 a pop on the dark web – a murky corner of the internet where cybercriminals frequently buy and sell information, services, and malware.

That suggests a high success rate for this particular scam and would seem to bear out’s customer complaint woes, as reported by Panda.

“ has confirmed that it is aware of the ongoing cyberattacks on its partner hotels and is doing its best to prevent them from happening,” it added.

The cybersecurity firm urges all hotel customers to treat any requests for extra charges with suspicion and cross-check with or partner hotels via their main telephone switchboard before paying anything.

“Another red flag for customers is when customers get asked for payment information over the phone or a messaging app,” said Panda. “Legitimate transactions should be able to be processed through an online payment portal [and] hotels rarely require end-customers to share personal info over the phone or a messaging app.”

More from Cybernews:

Bluetooth connections no longer private

One year on: how ChatGPT brought AI to the masses

Apple patches MacOS, Safari, and iOS products

Miami mobster jailed over $4M crypto theft

Signal’s Whittaker slams French govt for app ban

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked