Have you come across an email claiming to be from Booking.com regarding a complaint from a lodger? The email might have asked you to click on a link to address the complaint quickly.
Question: Is this email genuinely from Booking.com, or could it be a scam?
Investigation Findings: This email is part of a phishing scam. Scammers send fake emails pretending to be from Booking.com, using tactics like asking recipients to view a complaint or respond to an inquiry. By clicking the provided links, you are directed to fake websites that use a technique called ClickFix. This method tricks users into running malicious commands on their devices, leading to malware infections like Lumma Stealer.
Answer: The email you received is a fraudulent attempt to trick you. π‘ To protect yourself from scams like this, always double-check the sender’s email address and be careful with unexpected emails asking you to click links or open attachments. If in doubt, contact the company directly using known contact details to verify the email’s legitimacy. Additionally, ensure your devices have up-to-date security software to help detect and block such threats.
A typical “Booking.com” scam email reads as follows:
Booking.com
Dear Hotel Team,
A lodger has raised a complaint regarding their past stay at your
property. The complaint includes details about incidents involving your
team and accommodation.
You can go through the submitted grievance and get in touch with the
customer at your earliest convenience to respond to their grievances by
clicking the link provided.
View Complaint
We politely ask that you handle this complaint as soon as possible to
ensure a satisfactory resolution for both involved parties.
If you seek any guidance, please do not wait to get in touch.
With best wishes,
The Booking.com Team
Β© 1996-2024 Booking.com. All rights reserved.
This email was sent by Booking.com, Oosterdokskade 163, 1011 DL, Amsterdam,
Netherlands.
Booking.com Email Scam overview
The Booking.com Email is a phishing scam pretending to be a message from Booking.com. This scam targets hotels and property owners, tricking them into clicking links that lead to fake websites. By doing so, scammers aim to run a social engineering trick called ClickFix, which spreads malware on the victims’ computers.
Scammers send emails claiming to be from Booking.com, notifying recipients about a complaint from a lodger. The email encourages the recipient to click a link to view the complaint details. This “View Complaint” link doesn’t lead to real complaint information but takes you to a malicious website.
There are different versions of this scam email. One might look like it’s from someone named Sammie Guerra, asking about room details like Wi-Fi and views. In all cases, the links lead to fake sites designed to trick recipients into copying and running a command on their computers. Following these instructions triggers malware such as Lumma Stealer, which can steal information or even control your computer.
To avoid falling for this scam, always be cautious with emails asking you to click on links or open attachments, especially if they sound urgent or too good to be true. Ensure you verify the sender before taking any action.
Summary Table
| Name | Booking.com Email Scam |
| Type | Phishing Scam |
| Method | Emails with malicious links and deceptive attachments leading to fake websites |
| Objective | To trick recipients into installing malware by executing malicious commands |
| Main Malware Distributed | Lumma Stealer, potentially other trojans or ransomware |
| Fake Domains Used | fixecondfirbook.info, bookviewreserve.com |
| Technique | ClickFix (social engineering to make victims execute malicious scripts) |
| Common Lures | Complaint resolution, booking inquiries, and fake technical fixes |
| Action Suggested in Emails | Clicking on links, copying commands, executing via Run command or PowerShell |
| Target | Hotel management teams, staff, and potentially individual consumers |
| Consequences | Malware infection leading to data theft, system control, or resource exploitation for cryptocurrency mining |
| Preventive Measures | Verify email authenticity, avoid unsolicited links/attachments, use updated security software, educate team about phishing |
This expanded table provides a more comprehensive overview of the Booking.com email scam, including methods, objectives, and preventative measures.
π§ What to Do When You Receive the “Booking.com” Scam Email
We advise everyone who receives this email to follow the simple steps below to protect yourself from potential scams:
- β Do not believe this email.
- π NEVER share your personal information and login credentials.
- π Do not open unverified email attachments.
- π« If thereβs a link in the scam email, do not click it.
- π Do not enter your login credentials before examining the URL.
- π£ Report the scam email to the FTC at www.ftc.gov.
If you accidentally click a phishing link or button in the “Booking.com” Email, suspect that your computer is infected with malware, or simply want to scan your computer for threats, use one of the free malware removal tools. Additionally, consider taking the following steps:
- π Change your passwords: Update passwords for your email, banking, and other important accounts.
- π‘οΈ Enable two-factor authentication (2FA): Add an extra layer of security to your accounts.
- π Contact your financial institutions: Inform them of any suspicious activity.
- π Monitor your accounts: Keep an eye on your bank statements and credit reports for any unusual activity.
π How to Spot a Phishing Email
Phishing emails often share common characteristics; they are designed to trick victims into clicking on a phishing link or opening a malicious attachment. By recognizing these signs, you can detect phishing emails and prevent identity theft:
π‘ Here Are Some Ways to Recognize a Phishing Email
- βοΈ Inconsistencies in Email Addresses: The most obvious way to spot a scam email is by finding inconsistencies in email addresses and domain names. If the email claims to be from a reputable company, like Amazon or PayPal, but is sent from a public email domain such as “gmail.com”, it’s probably a scam.
- π Misspelled Domain Names: Look carefully for any subtle misspellings in the domain name, such as “arnazon.com” where the “m” is replaced by “rn,” or “paypa1.com,” where the “l” is replaced by “1.” These are common tricks used by scammers.
- π Generic Greetings: If the email starts with a generic “Dear Customer”, “Dear Sir”, or “Dear Madam”, it may not be from your actual shopping site or bank.
- π Suspicious Links: If you suspect an email may be a scam, do not click on any links. Instead, hover over the link without clicking to see the actual URL in a small popup. This works for both image links and text links.
- π Unexpected Attachments: Email attachments should always be verified before opening. Scan any attachments for viruses, especially if they have unfamiliar extensions or are commonly associated with malware (e.g., .zip, .exe, .scr).
- β° Sense of Urgency: Creating a false sense of urgency is a common tactic in phishing emails. Be wary of emails that claim you must act immediately by calling, opening an attachment, or clicking a link.
- π Spelling and Grammar Errors: Many phishing emails contain spelling mistakes or grammatical errors. Professional companies usually proofread their communications carefully.
- π Requests for Sensitive Information: Legitimate organizations typically do not ask for sensitive information (like passwords or Social Security numbers) via email.
β Conclusion
We hope this article has helped you understand more about the “Booking.com” Scam Email and how to avoid falling victim to scammers. If you have received a phishing email that is similar but not identical to the example above, please post it in the comments section of this article. This helps us warn other users about potential scams and improve our resources to protect you better. Stay safe and vigilant! π‘οΈ
