It is advisable to always book holiday trips directly with the hotel itself. This is because booking portals can pose a security risk, as recent phishing cases show.
According to reports from the Lower Saxony Consumer Center, cybercriminals have successfully gained access to the interface between booking portal and hotel. Shortly before the planned arrival, travelers are contacted via WhatsApp. A supposed hotel manager poses as the contact person and asks for confirmation of the booking. She also asks whether a parking space is required. Almost at the same time, those affected receive a deceptively real-looking email that is similar to the communication provided by the booking portal. This email asks you to re-enter your credit card details. If this request is not complied with within 24 hours, the booking will be cancelled and the holiday will be at stake.
The tricky thing about this is that neither the hotel nor the booking portal is aware of this contact. When travelers reveal their credit card details, they risk not only losing travel value, but more money.
The friendly and courteous nature of the “hotel manager” is particularly perfidious. How else would she know which hotel was booked for which period? To protect yourself from fraud, it is best to consider the following aspects when sending such or similar messages:
- Always check the sender's email address. The name of the booking portal is often misspelled or contains additional characters and combinations of numbers.
- Never share your information with unknown people on WhatsApp.
- Call the hotel directly (not via the number listed in WhatsApp) and find out more.
- Trust your gut feeling: If you feel uncomfortable when contacting us, handle your data carefully.
If you have already been the victim of such a phishing attack or a similar incident, you should immediately have your credit card blocked and contact an experienced lawyer who is familiar with this issue. You should also file a complaint with the police.
Do you have any questions about phishing, pharming, skimming or cybercrime in general?
