Cybercriminals Use Stolen Hotel Reservation Data to Launch Targeted Phishing Attacks on Travelers
By
Matt Burgess
1d ago· 6 min readenNews
100/100
Golden Brown
Bagelometer↗
Front-window bakery material. Catches the eye, delivers the goods.
Score100TypenewsSentimentnegative
Summary
Security researchers have discovered that cybercriminals are stealing real hotel reservation data from at least 350 hotels across 50 countries to craft highly targeted spear-phishing attacks. These "reservation hijacking" scams use legitimate booking details—such as names, dates, and hotel names—to make fraudulent emails appear authentic, tricking travelers into revealing credit card information. The stolen data is sourced from compromised hotel systems, and the phishing messages are so realistic because they reference actual upcoming trips.
Key quotes
· 3 pulledAt least 350 hotels, vacation rentals, motels, and guesthouses in 50 different countries have been caught up in so-called reservation hijacking scams.
These swiped trip details, such as booking names and reservation information, are then being repurposed by cybercriminals to create highly targeted phishing messages used to steal credit card information.
Travelers' information and booking details may have been stolen from hundreds of hotels around the world, according to new findings from security researchers.
Customer data from more than 350 hotels around the world may have been accessed as part of realistic reservation-hijacking scams.
