\nRobert Woodford, a recruitment marketing specialist, recently shared on LinkedIn how he fell victim to a highly sophisticated scam while booking a hotel in Verona through Booking.com, providing a striking example of how attacks on the hospitality industry affect travelers.<\/p>\n
After completing a legitimate booking\u2014and trading some communications with the hotel\u2014Woodford received a separate message that he believed came from the official Booking.com messaging system. This message requested \u201cmissing details\u201d and a prepayment. <\/p>\n
But to be safe, Woodford logged into Booking.com directly rather than clicking any links. There, he found the same message in the _same thread_ as his earlier communications with the hotel. The payment link also looked official, as it contained \u201cbookingcom\u201d in the URL. Woodford didn\u2019t realize until after making the payment that the merchant\u2019s name was incorrect and the payment was fraudulent.<\/p>\n
Woodford’s story falls in line with a blog I wrote a few months ago about how phishers use fake CAPTCHAs to trick hotel staff into downloading malware. It also demonstrates how travelers can be deceived by increasingly sophisticated cybercriminals exploiting real booking data and trusted platforms. <\/p>\n
The Swiss National Cyber Security Centre (NCSC) reported similar attacks where hotel staff were tricked into installing malware through fake CAPTCHAs and malicious clipboard commands. These infections compromise hotel booking systems, allowing attackers to manipulate guest communications and payments.<\/p>\n
To be clear, these types of online scams are so effective because the hotel itself has been compromised, and travelers log into official, verified websites and services only to receive malicious messages from cybercriminals who are secretly in control. These aren’t fake websites\u2014these are fake representatives for real hotels using the hotels’ own messaging platforms to speak with customers.<\/p>\n
Once the criminals infect the booking system, they can access guest data, and payment information, enabling them to impersonate hotels and reach guests directly.<\/p>\n
Adding to this picture is a warning from Arcona Hotels & Resorts who discovered \u201ctechnical irregularities\u201d and disconnected several locations from the central IT services as a precautionary measure to limit potential damage. ResponseOne GmbH, a company specializing in IT forensics, was brought in to conduct a technical analysis and manage the situation.<\/p>\n
Arcona Hotels & Resorts is a German-based company specializing in operating and developing hotels, particularly focusing on leisure and holiday hotels, boutique hotels, and 5-star properties. While we have no direct information about what happened there, the timing and nature of their advisory suggest that this incident might be part of a wider campaign targeting the hospitality industry\u2019s digital infrastructure.<\/p>\n
## Advice for travelers<\/p>\n
Cybercriminals are no longer just targeting guests. They are infiltrating hospitality systems themselves, turning trusted platforms into vectors for fraud.<\/p>\n
Robert lost a few hundred quid and the trust in his bank, the travel platform he used, and a bit of trust in his own judgement. While Robert was vigilant and still became a victim, there are some tips to keep in mind:<\/p>\n
* Always access booking platforms by typing URLs directly into your browser rather than clicking links in emails or messages.
* Verify any payment requests by contacting the hotel or booking platform through official channels. You can also call the hotel directly.
* Be suspicious of urgent payment demands or requests for unusual payment methods.
* Use credit cards for bookings where possible, or other options that provide fraud protection.
* Report suspicious messages to the booking platform immediately.
* Use browser protection against scams, credit card skimmers, and other malicious sites.<\/p>\n
Be aware of the fact that the systems you trust might be compromised. Vigilance and proactive security measures are essential for both travelers and hotels to mitigate these risks.<\/p>\n
* * *<\/p>\n
**We don\u2019t just report on threats\u2014we remove them**<\/p>\n
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.\n<\/p><\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title Booking.com reservation abused as cybercriminals steal from travelers Update ID MALWAREBYTES:58F9D52F72224B466D0CAFF6EB26C823 Type malwarebytes Published 2025-06-06T14:00:00 Last Updated 2025-06-06T14:00:00 Security…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,115,13,33,7,11,5],"class_list":["post-6540","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n
Booking.com reservation abused as cybercriminals steal from travelers - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=6540\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Booking.com reservation abused as cybercriminals steal from travelers - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title Booking.com reservation abused as cybercriminals steal from travelers Update ID MALWAREBYTES:58F9D52F72224B466D0CAFF6EB26C823 Type malwarebytes Published 2025-06-06T14:00:00 Last Updated 2025-06-06T14:00:00 Security...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=6540\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-06T11:34:47+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6540#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6540\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Booking.com reservation abused as cybercriminals steal from travelers\",\"datePublished\":\"2025-06-06T11:34:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6540\"},\"wordCount\":695,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"malwarebytes\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6540#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6540\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6540\",\"name\":\"Booking.com reservation abused as cybercriminals steal from travelers - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-06-06T11:34:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6540#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6540\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6540#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Booking.com reservation abused as cybercriminals steal from travelers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Booking.com reservation abused as cybercriminals steal from travelers - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=6540","og_locale":"en_US","og_type":"article","og_title":"Booking.com reservation abused as cybercriminals steal from travelers - zero redgem","og_description":"Security Update News Update Information Title Booking.com reservation abused as cybercriminals steal from travelers Update ID MALWAREBYTES:58F9D52F72224B466D0CAFF6EB26C823 Type malwarebytes Published 2025-06-06T14:00:00 Last Updated 2025-06-06T14:00:00 Security...","og_url":"https:\/\/zero.redgem.net\/?p=6540","og_site_name":"zero redgem","article_published_time":"2025-06-06T11:34:47+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=6540#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=6540"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Booking.com reservation abused as cybercriminals steal from travelers","datePublished":"2025-06-06T11:34:47+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=6540"},"wordCount":695,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","malwarebytes","news","NONE","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=6540#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=6540","url":"https:\/\/zero.redgem.net\/?p=6540","name":"Booking.com reservation abused as cybercriminals steal from travelers - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-06-06T11:34:47+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=6540#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=6540"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=6540#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Booking.com reservation abused as cybercriminals steal from travelers"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6540","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6540"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6540\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6540"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}