The hotel employee who calls you with an urgent payment request is not necessarily who he says he is. It could be another case of a scam with the so-called “Kidnapping of Reserves”.
A new wave of digital scams is targeting hotel, airline and car rental customers with a scheme called “Reserve Hijacking“, says .
The name already gives a clue about how it works. Generally speaking, fraudsters use data about a reservation we madein most cases in companies in the tourism sector, to mislead us and make us send money to an improper destination.
Although this type of scam is not exactly new, it uses a different method than what we reported on ZAP in November — and a recent data breach of Booking.com customers came increase the risk of people getting caught.
The “Sequestration of Reserves” technique is sophisticated. With data about customers and their reservations, it is possible put together a much more convincing scheme — why would the client not believe a person who presents himself as employee of a spa where she has a reservationespecially if you know your travel dates, your cell phone number and your email address?
According to Booking, no financial information was exposed in last month’s computer attack. Even so, names, email addresses, cell phone numbers and booking datanote to .
The travel portal states that affected customers have been notified via email about the increased risk of scams — and this is the first thing to check to stay safe.
Reduce the risk of being a victim of reserve hijacking it involves many of the same security precautions you may already be taking, and simply being aware that this is a possible form of attack will make all the difference.
How Reservation Sequestration works
A kidnapping of reserves can take several forms. Similar to other types of scams, it tends to evolve over time.
The basis of the scheme is that someone contacts you claiming to be an employee be from an establishment where is there a reservationbe it a car rental company or a hotel.
Scammers try gather as much information as possible about you and your reservation. Sometimes, they target employees of the establishment where you have the reservation, in order to access the respective systems; other times, they take advantage of a more comprehensive data breach, as happened with the recent attack on Booking.
They can still obtain information by other means. Perhaps they have somehow accessed your email, or your social media postswhere he shared his next holiday destination and a countdown of the days left. Don’t let your guard down if you find yourself talking to someone who knows a lot about your travel plans.
O The ultimate goal of fraud is typically to obtain some type of payment related to the reservation. Requesting a bank transfer or credit card details are frequently used tactics, which will, of course, be directed to the fraudsters and not to the hotel or travel company you think you are dealing with.
Scam attempts can be reached by emailtext message or phone call and, as often happens in this type of criminal activity, a sense of urgency — perhaps you needed to pay quickly to secure your reservation, or there was a “payment processing error” that needs to be resolved quickly.
How to avoid getting caught
In essence, reservation hijacking scams work the same way as many others: you are contacted by someone who is not who they pretend to be.
Regardless of the details you may have about your reservations or travel plans, should not enter into any negotiation with anyone who asks you for money without first verifying your identity.
If you have any questions, ask if you can contact that person by the same means she used to contact him. If someone is pretending to be from a hotel and you ask if you can call the hotel back, the scheme falls apart quickly.
It should be especially cautious when asked questionseven if it is just to “confirm” some data.
Using exclusively official communication channels and applications is essential to protect yourself against these and other scams. Malicious actors who intend make money at your expense They will necessarily have to operate outside these channels, precisely because they are not official channels.
Like always, don’t make hasty decisions — that’s exactly what scammers will almost always try to force.
All usual good security practices continue to apply equally. Protect your accounts with strong and unique passwordsthat they do not share with anyone and that they are impossible to guess.
What if the accounts you use make available two-factor authenticationwhere a verification code is required in addition to the username and password, ative-a.
