The users of popular travel websites are targeted by phishing campaigns in an attempt to lure them into disclosing personal information. The travel websites have issued an alert to inform their customers of fraudulent emails and SMS messages used to deceive victims.
Some users already notified to have received a phone call that informed them of a $2600 win towards trip, the hackers requested a valid credit card to check into the resort. The malicious messages notified users the company had detected suspicious activities on their accounts that caused unauthorized access of customer data (i.e. names, phone numbers, email addresses and travel bookings).
A number of travelers who use Hotels.com were recently tricked into disclosing their personal data.
The situation is similar for Expedia, the company Head of Communications Sarah Gavin confirmed that the data had not been stolen from Expedia, but rather a third-party. The report issued by the company confirmed that the impacted users who had used the Expedia system recently to book a stay a specific hotel that was scammed by criminals.
“The data was stolen by a criminal who successfully phished a partner hotel and obtained that hotel’s login credentials, subsequently stealing names and other information about consumers who had used the Expedia system recently to book a stay at that hotel,” read the report.
The companies operating the travel websites encouraged users to take cautionary steps when receiving suspicious messages, it is important to remark that these firms will never request sensitive data to their customers.
“We will never request sensitive or financial information nor require you to transfer money to any account via an email or SMS message,” read the notice.
(Security Affairs – travel websites, phishing)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.