14 DAY TRIAL // Security experts from Sophos have come across a number of fake emails that purport to originate from booking.com. Internet users are advised to be on the lookout since these phony notifications carry some nasty pieces of malware.
Bearing the subject “Hotel booking confirmation [random number],” the messages inform the recipient that a reservation has been made on his/ her behalf.
“Dear, We have received a reservation for your hotel. Please refer to attached file now to acknowledge the reservation and see the reservation details,” reads a part of the email.
Internauts who fear that their credit cards may have been misused might rush to open the attachment to learn the details of the transaction.
The spammers are probably counting on this since the attached .zip file actually contains the now-infamous Trojans commonly known as Mal/BredoZp-B and Troj/Inject-VI. We recommend users to avoid such emails and delete them as soon as they hit their inboxes, to prevent them from causing any damage.
Scams like this one are certainly not something new and our readers are probably well aware of how these plots work. However, it’s clear that such spam campaigns still record a considerable success because if they hadn’t, cybercriminals wouldn’t bother launching them anymore.
This reminds us of the presentation made by Bruce Schneier at the 2012 Hack in the Box conference in Amsterdam.
In his latest book, entitled “Liars and outliers,” he highlights the fact that if there was too much spam in the world, no one would ever bother to check their email accounts because they’d know that there’s nothing there but unsolicited messages.
Fortunately, we’re not at this stage yet, but unfortunately, it means that fraudsters will continue to bombard unsuspecting internauts with malicious notifications, and that’s why, as always, we urge you to be on the lookout. Stay safe!