Scammers are sending out phishing emails that target employees in the hospitality industry.
In this scam, you receive an email with a link that appears to be from the travel website Booking[dot]com. The email may claim you need to verify a guest’s reservation, confirm details about a customer’s recent stay at your property, or check the status of your travel organization’s account. If you click the link, you are taken to what looks like a legitimate CAPTCHA webpage. A CAPTCHA is a security measure requiring you to click photographs or type text in order to access certain websites. The CAPTCHA page appears to be legitimate, but it provides you with unusual instructions. It directs you to run a command on your computer. But if you follow these steps, you won’t be able to access the travel website.
This CAPTCHA webpage is actually fake. Instead, the command that you run will install malware on your computer. The malware then steals your user credentials and financial information.
To avoid falling victim to this scam, here’s what we suggest:
Contact online service providers directly if you have questions about travel reservations or your account’s status. Be sure to use the website’s official customer service portal or phone number.
Remember to hover your mouse over links to check if they are legitimate. Be wary of anything unusual, such as suspicious URLs or strange instructions.
While this scam is directed toward hospitality employees, remember that scammers can use similar tactics to trick anyone into acting impulsively. Always stop and think before taking action.
Contact our experts to discover how our security awareness training empowers your workforce to keep your organization secure.
