The customers of popular travel websites are targeted by phishing scam in an attempt to lure them into disclosing personal information.
The users of popular travel websites are targeted by phishing campaigns in an attempt to lure them into disclosing personal information. The travel websites have issued an alert to inform their customers of fraudulent emails and SMS messages used to deceive victims.
Among the companies targeted by the hackers, there are popular online travel agencies including Hotels.com, Expedia and Travelocity.
Some users already notified to have received a phone call that informed them of a $2600 win towards trip, the hackers requested a valid credit card to check into the resort. The malicious messages notified users the company had detected suspicious activities on their accounts that caused unauthorized access of customer data (i.e. names, phone numbers, email addresses and travel bookings).
A number of travelers who use Hotels.com were recently tricked into disclosing their personal data.
The situation is similar for Expedia, the company Head of Communications Sarah Gavin confirmed that the data had not been stolen from Expedia, but rather a third-party. The report issued by the company confirmed that the impacted users who had used the Expedia system recently to book a stay a specific hotel that was scammed by criminals.
“The data was stolen by a criminal who successfully phished a partner hotel and obtained that hotel’s login credentials, subsequently stealing names and other information about consumers who had used the Expedia system recently to book a stay at that hotel,” read the report.
The companies operating the travel websites encouraged users to take cautionary steps when receiving suspicious messages, it is important to remark that these firms will never request sensitive data to their customers.
“We will never request sensitive or financial information nor require you to transfer money to any account via an email or SMS message,” read the notice.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.