One of the largest online travel agencies in the world,, has complained of customers being attacked by hackers. Even though the systems and networks of the agency itself are not compromised, many customers have been scammed by online criminals targeting the website’s partner hotels. The bad actors have found a way to steal login credentials they use to approach customers pretending to be hotel staff.

What have the online attacks on been like?

Fraudsters manage their way into the targeted hotel’s system by calling the front desk and pretending to be a guest who recently left the hotel but had forgotten a valuable item. The criminal on the phone then follows up with the hotel receptionist by sending an email with a link to a file stored on Google Drive.

The file is supposed to be a picture of the item in question. However, instead of an image, the customer service rep opens a malicious Vidar Infostealer file that automatically steals login info from the hotel system and relays it to the fraudsters.

Then, the bad actors log in to using the stolen credentials and approach hotel guests, asking them to pay bogus fees. Instead of sending the victims to or an actual hotel website to process the payment, the hackers forward the victim to a spoofed website or take credit card details over the phone. The attack is highly successful as guests do not realize they are being scammed because the messages come from legit, but sadly hacked, accounts of hotels listed on

Cyber security researchers observed login credentials up for sale on the Dark Web, costing approximately $2,000, which indicates that those login details likely have a high success rate. has confirmed that it is aware of the ongoing cyber-attacks on its partner hotels and is doing its best to prevent them from happening.

Tips for identifying fraudulent tactics

The online travel agency has started educating the partnering hotel’s staff on identifying such fraudulent tactics and is encouraging hotels to use multifactor authentication to protect their accounts. The online travel agency also has advices for end customers too. Hotel guests should always be cautious of anyone who asks them to pay additional charges. They have advised people always to contact the main lines of or the partner hotel to confirm the authenticity of any payment requests.

Another red flag for customers is when customers get asked for payment information over the phone or a messaging app – legitimate transactions should be able to be processed through an online payment portal. Legit hotels rarely require end-customers to share personal info over the phone or a messaging app.

The scam has been going on for more than six months. It has targeted partner hotels and customers from multiple countries worldwide, including the United States and the United Kingdom, as well as many Asian and European countries.

High-level antivirus software solutions have built-in tools to prevent end users from going to malicious websites, so users are generally well covered against this type of fraud if they are protected with award-winning antivirus software and simply refuse to share payment info over the phone or a messaging app such as WhatsApp.

Sources: BBC | The Guardian