The Centre for Cybersecurity Belgium (CCB) is warning of a creative phishing attack believed to be via Booking.com and accounts of hotels and other accommodation providers. Cybercriminals are sending fake payment requests to guests with correct travel details. This makes them particularly credible and difficult to recognise.

What is the risk?  

Your guests receive seemingly official payment requests via Booking.com or email

  • The messages contain real details of the reservation, such as arrival and departure dates, names and reservation numbers, which creates trust.
  • If a guest pays via the link, the money goes to fraudsters instead of your hotel.
  • Your business could suffer reputational damage, receive negative reviews and lose a lot of bookings in the long run.

What can you do?  

Take step-by-step measures to increase your level of cyber security using the CyberFundamentals Framework from Safeonweb@work.

How do you recognise an attack?

  • You suddenly notice messages in your account that you did not send yourself.
  • Your access to the account has been changed or blocked.
  • Guests contact you with questions about payments you did not request.

Are you a victim?

  • Activate two-step verification (2FA) on all your hotel accounts, starting with your email account. This will keep cybercriminals out.
  • Forward all suspicious emails to suspect@safeonweb.be
  • Notify all your customers with current reservations that false messages are circulating. Warn them to be careful and provide them with an email address or telephone number where they can safely reach you.
  • Report the incident to the local police where your business is located. Here you will find an overview of police stations. 

[NL] Safeonweb Campagne 2024

[FR] Safeonweb Campagne 2024