Beware of vacation! Hotel phishing!


Summer is approaching, and who does not want to go on vacation, at a good price of course! To that end, it is common to look for deals on the various accommodation search engines in order to find the bargain of the summer.

Well, you have to be very careful with these practices, because even if your search engine or accommodation platform is safe and you have never had any problem booking with it before, cybercriminals pay closer attention to our movements every day and are ready to confuse us and steal our personal data.

Through these scams, cybercriminals could gain access to our full name, phone number, email, bank card number, stay data, etc.

Case Study: Booking

The Spanish Data Protection Agency (AEPD) has just published a resolution (PS-00133-2024) concerning a person who booked his accommodation through Booking.com and then received a WhatsApp message on his private phone. In it, the “supposed” manager of the hotel where he had made the reservation addressed him by his name and surname and asked him to confirm his reservation, providing a fraudulent link where he was to enter his bank card details.

The person targeted by the phishing attempt had doubts about the message received and was cautious about the situation. Before answering or providing his information, he called the hotel directly to verify that the email was legitimate and not a fraud. The hotel confirmed that it was a fraud.

In this case, the ending is a happy one because the person was informed about the social engineering techniques used today by cybercriminals to commit fraud and scams, and was able to avoid becoming another victim.

According to the AEPD’s own resolution, the respondent (Booking.com) alleges that these phishing attacks are frequent and that the accommodations are compromised and the cybercriminals manage to act on their behalf.

They mention that cybercriminals, by attacking the platform, can access customer data and also contact customers by different means.

In the case discussed in the resolution, Booking accepts the possibility of having had a security breach, which resulted in cybercriminals being able to access the company’s email account.

The AEPD considers that there was a violation of Articles 5.1 f), 32.1 and 33.1 of the GDPR and imposed a sanction of 7,000 euros, as well as the adoption of complementary measures with the aim of bringing the data controller’s actions into line with the provisions of the data protection regulations.

How to avoid being a victim of phishing?

INCIBE’s recommendations in this regard are as follows:

Do not open e-mails of unknown origin, nor the attachments that may appear in such e-mails.

Do not answer e-mails that may be malicious and whose sender we cannot identify.

Update the software of all our devices.

Do not click on links that are part of the content of unsolicited or unknown e-mails.

Enable two-factor authentication for the security of your accounts.

Business Adapter® at your service

If you want to reinforce the security measures of your business to avoid cases of phishing or other cyber-attacks and avoid penalties, contact us by email at info@businessadapter.es. You can also call 96 131 88 04, or leave your message in this form:

Contact us, we will be pleased to help you: https://businessadapter.es/contacto
