CERT Poland warns of rising online scams targeting winter accommodation bookings, where hijacked hotel accounts are used to steal payment data.
Hijacked Hotel Accounts Fuel Scams
Cybercriminals target winter travel season by hijacking hotel accounts to steal personal data and payment card information. CERT Polska reports a surge in internet fraud linked to accommodation reservations.
Scammers contact hotel clients via messaging apps, sending links to fake booking portals designed to harvest sensitive information.
Fake Links Disguised as Confirmations
Attackers use compromised hotel credentials to send fraudulent messages in messengers, mimicking booking confirmations. These links lead to phishing sites that mimic intermediary reservation portals.
The mechanism remains simple yet effective: victims unknowingly enter details on counterfeit websites, exposing personal and financial information.
Spotting the Fraud Red Flags
CERT Polska notes scam communications are meticulously crafted and highly personalized. Always verify URLs lead to official booking platforms and report suspicious ads, messages, or sites to authorities.
Reporting Incidents
CERT Polska operates under NASK, handling cybersecurity incidents. Suspected cases can be reported via incydent.cert.pl; suspicious SMS messages should be forwarded to 8080.
