The users of popular travel websites are targeted by phishing campaigns in an attempt to lure them into disclosing personal information. The travel websites have issued an alert to inform their customers of fraudulent emails and SMS messages used to deceive victims.
Some users already notified to have received a phone call that informed them of a $2600 win towards trip, the hackers requested a valid credit card to check into the resort. The malicious messages notified users the company had detected suspicious activities on their accounts that caused unauthorized access of customer data (i.e. names, phone numbers, email addresses and travel bookings).
A number of travelers who use Hotels.com were recently tricked into disclosing their personal data.
The situation is similar for Expedia, the company Head of Communications Sarah Gavin confirmed that the data had not been stolen from Expedia, but rather a third-party. The report issued by the company confirmed that the impacted users who had used the Expedia system recently to book a stay a specific hotel that was scammed by criminals.
“The data was stolen by a criminal who successfully phished a partner hotel and obtained that hotel’s login credentials, subsequently stealing names and other information about consumers who had used the Expedia system recently to book a stay at that hotel,” read the report.
The companies operating the travel websites encouraged users to take cautionary steps when receiving suspicious messages, it is important to remark that these firms will never request sensitive data to their customers.
“We will never request sensitive or financial information nor require you to transfer money to any account via an email or SMS message,” read the notice.
(Security Affairs – travel websites, phishing)