In case you’re expecting a confirmation notification from Booking.com – and even if you’re not – you should be careful in case an email entitled “Booking Confirmation 09890543” lands in your inbox.
Unlike other Booking.com spam campaigns
, the notification doesn’t contain any message. The crooks that launched this one are probably hoping that curious recipients will open the attachment to see what it contains.
As Sophos experts highlight, opening the Booking_BEDDING-INCLUSIONS.zip
file is a big mistake.
The archive contains a file called Booking_BEDDING-INCLUSIONS.pdf.exe
, which at first glance may appear to be a harmless PDF document, but in reality, it hides a nasty piece of malware identified as Mal/BredoZp-B.
We strongly advise users never to open files attached to unsolicited suspicious-looking emails. Remember that legitimate companies would never send out such notifications.