Notification emails purporting to be from Booking.com claim to be hotel room booking confirmations and urge recipients to open an attached file to view reservation details.
The emails are not from Booking.com and they are not genuine hotel room reservation notifications. The attached file contains malware that can infect the recipient’s computer
Date Issue: 29/12/2014
Information is required to confirm your hotel reservationGravetye Manor HotelArrival: 06.01.2015
Number of rooms: 1 (non-smoking)
Please do not hesitate to contact us if you have any questions.
Booking.com Customer Service Team
Your Reference ID is: 03390ZZ5
Booking.com anytime, anywhere!
Subject: Hotel booking confirmation
Booking confirmation 7356993432
Date: Monday , 23 July 2012
We have received the reservation for your hotel.
Please refer to attached file now to acknowledge the reservation and see the reservation details.
Arrival: 29 July 2012
Number of rooms: 2
If you have any questions regarding this reservation, please feel free to contact us. Telephone: English support [removed], Spanish support [removed]; Fax 1 866 814 1719; Email: [removed]
Yours sincerely, Booking.com
Subject: Reservation Confirmation (4XQVC)
Hotel Confirmation: 0670206
Date: Tue, 24 Jul 2012 10:08:02 +0900
Here with you receive the electronic reservation for your hotel.
Arrival: Saturday, July 28, 2012
Departure: Sunday, August 05, 2012 Number of rooms: 1
Sincerely, Customer Service Team
Your Reference ID is: YPVFX
The Booking.com reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases rooms offer free cancellation.
Messages purporting to be hotel room booking confirmation emails are currently being distributed to inboxes around the world. The messages, which claim to be from online booking website, Booking.com, inform recipients that room reservations have been made for a specified date a few days hence. Recipients are invited to open an attached file to view full details of the supposed reservation.
To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free! Can you help us stay online?
Versions of the malware emails have been distributed since late May 2012 and look set to continue. If you receive one of these fake hotel booking messages, do not open any attachments or click on any links that it may contain.
This malware campaign is similar to an earlier trojan attack that used fake flight ticket confirmation emails that falsely claimed to be from several airline companies.
Since you’ve read this far……can I ask you for a big favour?
To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free. To keep the site online, I now rely on voluntary contributions from site visitors along with commissions from a few trusted products and services that I promote via reviews on the site.
If you found the above report useful, please consider supporting Hoax-Slayer by making a donation. Any amount you can give will be greatly appreciated.
You can donate using your credit card via the form below. Donations are collected securely via the online payment service Stripe. Stripe uses state of the art security to keep your data safe.