Best Western Hotels warns of phishing attacks
Scammers apparently have access to current booking data from Best Western Hotels. The company is warning of a phishing wave.
Best Western Hotels (BWH) is currently sending emails to all customers warning them about ongoing phishing attacks. However, the attacks affect not only Best Western Hotels but the entire hotel industry worldwide.
In the email we received, BWH writes: “We are currently receiving numerous reports from travelers who have received fraudulent emails or WhatsApp messages from foreign phone numbers and cryptic email addresses in connection with an upcoming booking.” The message text urges recipients to confirm bookings or verify payment details.
Real Data in Phishing Messages
A reader tipped us off that he received such a WhatsApp message on February 17th, asking him to supplement a booking made on January 15th by clicking on a link. According to the message, the booking would otherwise expire within 24 hours. Both the booking date and the name were correct, and the phone number presumably also comes from the unknown data source.
BWH states accordingly: “The senders are misusing our logos to give the impression that the messages are coming from our hotels. This is not the case. Please do not click on any included links, and do not disclose any personal data or payment information.” The hotel chain adds, “We are currently observing a widespread phishing attack that impacts the entire hotel industry worldwide and is not limited to our hotels. These fraudulent messages may contain booking information, including names, contact information, and details about a future stay.” However, additional information such as special requests, payment information, or other sensitive data is not included.
The source of the data leak is currently still unknown. However, according to its own statement, Best Western Hotels is working “with external IT specialists and the responsible authorities at home and abroad [...] with the utmost urgency to clarify the matter.” Customers who have received such a fraudulent message should save a screenshot but under no circumstances click on the included link. Anyone who has already entered data on such a phishing page should contact their bank and have their payment cards blocked as a precaution. In this case, Best Western Hotels also asks customers to notify its data protection team at the email address datenschutzbeauftragter@bwhhotels.de.
The current incidents are reminiscent of the unresolved phishing incidents surrounding Booking.com, which increasingly impacted hotels in South Tyrol around the middle of last year. There were frequent compromises of Booking.com's extranet access.
(dmk)