Cybersecurity specialist warns of global Booking.com hijacking scheme linked to Lehtojärvi hotel breach
Juha Tretjakov, a cybersecurity specialist from Traficom, has revealed in Lapin Kansa that the hijacking of Booking.com accounts is a global issue. Criminals have been executing this scheme for several years. According to Traficom, a data breach involving a snow hotel in Lehtojärvi, Rovaniemi, occurred specifically through the Booking.com hotel reservation site.
Tretjakov explains that in this scam, the hotel receives a fake message that appears to come from Booking.com. The message claims that a customer has filed a complaint against the hotel, urging it to take action to resolve the issue. Notably, the message contains a link that seems to direct the hotel to a legitimate administrative account. However, the link actually leads to a phishing site. If the hotel logs in through this site, its credentials will be compromised by the criminals.
The stolen credentials give the offenders access to the hotel’s Booking.com account and, through it, to sensitive information about the hotel’s guests, including names and reservations. Tretjakov says that customer bank account details are not at risk in this scheme. With financial gain as their motive, the criminals use the service to send messages to customers, requesting payment for invoices or reservations.
Reports of Booking.com scams are made to the cybersecurity center only once or twice a month.