Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks

Security researchers (Norton/Gen) uncovered a global reservation-hijacking phishing campaign affecting at least 350 hotels, vacation rentals and guesthouses across 50 countries; attackers use real booking names and reservation details in SMS, WhatsApp and email lures to trick victims into visiting fake booking pages and submitting credit card and personal data. The activity leverages phishing-as-a-service kits, impersonation of booking platforms (e.g., Booking.com) and likely compromises of hotel staff or third-party booking systems (CloudBeds cited) to obtain reservation information and increase the success of spear-phishing attacks.