Scam Emails:
Booking Confirmation from Booking.com

News from Omniquad | June 28, 2012

Fraudulent emails from Booking.com – beware of this scam, emails contain malicious code.

The holiday season is upon us, and people are making hotel reservations, many opting to book from places such as hotels.com, Expedia or booking.com, legitimate sites for finding accommodation over the holidays.

The malicious emails in this threat outbreak claim to be from booking.com informing the victim that their hotel booking has been confirmed and that the booking information is attached. The text in the e-mail message body instructs the recipient to open the attachment to look at the document. But beware, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the user’s system with malicious code. The zipped attachment in the email is a Trojan.

The following text is a sample of the e-mail message that is associated with this threat outbreak:

Subject: Hotel booking reservation
Date: Tue, 26 June 2012 17:56:39 + 0800

Dear,

We have received a reservation for your hotel.

Please refer to attached file now to acknowledge the reservation and see the reservation details:

Arrival: Friday 06 July 2012 Number of rooms: 1

If you have any questions regarding this reservation, please feel free to contact us. Telephone: English support xxxxxxxxxxxxxx, Spanish support 1

Customer.service@booking.com

Yours sincerely, Booking.com


Picture: Fraudulent email purporting to be from Booking.com



Don’t fall victim this scam. The email is fake. The attachment is not your, or anybody’s reservation, but a vehicle to install malicious code on your system.

Technical Insight into this Trojan.


Sep
Sep