
Warning: Sophisticated Phishing Scam on Booking.com Uses Lookalike URLs to Steal Your Data
Travelers using the popular booking platform Booking.com are being targeted by a highly deceptive phishing scam that uses the platform’s own messaging system to trick users into handing over their financial information. This new wave of attacks is particularly dangerous because it appears to come from a trusted source, making it difficult for even vigilant users to detect.
Because the messages are delivered through Booking.com’s own website and mobile app rather than by email, they never pass through email spam or phishing filters, and they arrive in a channel that users have every reason to trust.
How the Scam Works
The attack begins when criminals gain unauthorized access to the accounts that hotels and other properties use to manage their listings on Booking.com. With control of a property’s account, they can see its upcoming reservations, including guest names and dates, and message those guests directly through the platform.
Here is the typical sequence of the scam:
- A Message Appears Legitimate: You receive a message about your upcoming stay directly through the Booking.com app or website. Because it comes from the official system, it doesn’t look like a typical spam email.
- A Sense of Urgency is Created: The message often claims there is a problem with your payment card verification. It will threaten that your booking will be canceled within a few hours if you don’t take immediate action.
- A Malicious Link is Provided: The message includes a link, urging you to re-enter or “verify” your payment details to secure your reservation.
- Data is Stolen on a Fake Page: Clicking the link takes you to a fraudulent website designed to look exactly like the real Booking.com payment page. When you enter your credit card number, expiration date, and CVV code, the information is sent directly to the scammers.
The Deceptive URL Trick: The Homograph Attack
What makes this phishing attempt so effective is its use of a technique known as a homograph attack. Scammers register domain names that are visually almost identical to the real one by substituting characters from other scripts that look like Latin letters. Such a domain is a legitimately registered name in its own right: the browser converts the non-ASCII label to its Punycode form (an “xn--” label) behind the scenes, and that encoded name is what the registry, DNS, and the site’s TLS certificate actually refer to.
In this specific scam, attackers have been observed using the Japanese Hiragana character “ん” in place of the letter “n,” producing a URL like “bookiんg.com” instead of “booking.com.” Depending on the font and size, and especially on a mobile screen where the address bar truncates long URLs, the substitution is easy to miss. The fake site also shows the browser’s padlock icon, but the padlock only means the connection to that domain is encrypted. Certificates are issued freely to whoever controls a domain, lookalikes included, so a padlock says nothing about whether the site is really Booking.com.
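The following is an added example, not code from the article or from Booking.com, showing what a homograph check looks like in practice. It IDNA-encodes a hostname to expose the Punycode label a lookalike becomes, flags DNS labels that mix scripts, and maps known confusable characters to a Latin “skeleton” that can be compared against a protected-brand list. The ん→n pairing is the one the article describes; the Cyrillic rows in the confusable table, the protected list, and the sample URLs are constructed for this example and are assumptions, not data from the article.

```python
"""Homograph / lookalike hostname checker (added example, not from the article)."""
import unicodedata
from urllib.parse import urlsplit

# Constructed for this example. The first row is the substitution the article
# describes; the Cyrillic rows are an assumption added to show the general case.
CONFUSABLES = {
    "\u3093": "n",  # ん  HIRAGANA LETTER N
    "\u0430": "a",  # а  CYRILLIC SMALL LETTER A
    "\u043e": "o",  # о  CYRILLIC SMALL LETTER O
    "\u0435": "e",  # е  CYRILLIC SMALL LETTER IE
    "\u0456": "i",  # і  CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
}

# Brand domains we want to protect (constructed list).
PROTECTED = {"booking.com"}


def script_of(ch):
    """Crude script classifier: first word of the Unicode character name.
    Digits, dot and hyphen are treated as neutral (None)."""
    if ch.isdigit() or ch in ".-":
        return None
    if ch.isascii():
        return "LATIN"
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def scripts_in_label(label):
    """Set of scripts used in one DNS label."""
    return {s for s in map(script_of, label) if s}


def skeleton(host):
    """Replace each known confusable with the Latin letter it imitates,
    giving the name the victim *thinks* they are looking at."""
    normalized = unicodedata.normalize("NFKC", host)
    return "".join(CONFUSABLES.get(c, c) for c in normalized)


def to_ascii(host):
    """IDNA-encode: any non-ASCII label becomes an xn-- Punycode label.
    This is the name the registry, DNS and the TLS certificate refer to."""
    return host.encode("idna").decode("ascii")


def analyse(url):
    """Return a dict describing whether the URL's host is a lookalike.
    A plain internationalized name is reported as idn=True but is only
    called a lookalike if a label mixes scripts or the skeleton matches
    a protected brand while the real name does not."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    findings = []
    ascii_host = to_ascii(host)
    is_idn = ascii_host != host
    for label in host.split("."):
        used = scripts_in_label(label)
        if len(used) > 1:
            findings.append(f"label {label!r} mixes scripts {sorted(used)}")
    sk = skeleton(host)
    if sk in PROTECTED and host not in PROTECTED:
        findings.append(f"reads as {sk} but is not that domain")
    return {
        "host": host,
        "ascii": ascii_host,
        "idn": is_idn,
        "skeleton": sk,
        "lookalike": bool(findings),
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample URLs: the article's lookalike, the real site, and a
    # Cyrillic variant added to show the general case.
    for u in ("https://bookiんg.com/verify-card",
              "https://www.booking.com/myreservations",
              "https://b\u043e\u043eking.com/login"):
        r = analyse(u)
        print(f"{u}\n  punycode={r['ascii']}  lookalike={r['lookalike']}")
        for f in r["findings"]:
            print("  -", f)
```

The script-mixing check is deliberately coarse (it keys off Unicode character names rather than a full script table), and the confusable map covers only a handful of characters; a production filter would use the Unicode confusables data and a real public-suffix list to pick out the registrable domain. The Punycode view is the most reliable signal: a name that renders as “bookiんg.com” is, to everything except the human eye, an “xn--” domain that has nothing to do with booking.com.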
The core danger of this scam is that it exploits the trust you have in the platform itself. Since the message originates within the official app from what appears to be your hotel, it bypasses the natural suspicion you would have for a random email.
How to Protect Yourself and Secure Your Bookings
Staying secure requires a proactive and cautious approach, especially when dealing with urgent requests for financial information. Follow these essential security tips to protect yourself from travel-related scams.
- Be Skeptical of Urgent Requests: Legitimate companies rarely use high-pressure tactics that threaten immediate cancellation of your booking. Always treat messages demanding urgent action as a potential red flag, even if they appear to be from an official source.
- Never Click on Payment Links in Messages: This is the most critical rule. If you need to update your payment information, open the Booking.com app yourself or type booking.com into your browser, go to your booking, and make the change through the official interface, never through a link that was sent to you, however legitimate the message looks.
- Verify with the Hotel Directly: If you receive a suspicious message, find the hotel’s official phone number through a separate internet search (not from the message itself) and call them to confirm if the request is real.
- Scrutinize Every URL: Before entering any sensitive information, carefully inspect the website address in your browser’s address bar. On a phone, tap the address bar to expand the full address rather than trusting the truncated view. Look for subtle misspellings or unusual characters; some browsers will show a suspicious internationalized name in its “xn--” form, which is an immediate red flag. Any address that is not exactly booking.com or a subdomain of it is not Booking.com, whatever it looks like. If you have any doubt, do not proceed.
- Enable Two-Factor Authentication (2FA): Protect your Booking.com account by enabling 2FA. This adds an extra layer of security, making it much harder for attackers to gain access even if they manage to steal your password. Note that 2FA protects your own account only; it does not stop a message sent from a compromised hotel account from reaching you, so the advice above still applies.
By staying informed and vigilant, you can ensure your travel plans remain secure and your personal data stays out of the hands of cybercriminals. Always think before you click, especially when your financial information is at stake.
Source: https://www.bleepingcomputer.com/news/security/bookingcom-phishing-campaign-uses-sneaky-character-to-trick-you/