Cyber-criminals have prepared some dirty tricks for tourists looking for a room over the holidays. And it’s not the same old reception RATs, banking Trojans, wrong hotel transactions and social media baits. Now, they’ve created their own fake hotels and are awaiting unwary guests.
The fake websites usually leverage the names and reputations of famous brands. For instance, if the legitimate company’s domain is sheratonskyline.com, the crooks will likely set up their site on a domain that looks something like sheraton-skyline.com.
Most major companies have purchased all the variations of their domain names to protect themselves against typosquatters, but it’s likely that hotels haven’t taken such fraud sites into consideration.
Unlike phishing sites, these fraud websites aren’t promoted via email or social media spam. Instead, they’re kept secret to ensure that the domain will not be seized by authorities.
Also, such scammy webpages don’t necessarily replicate the design of the genuine hotel.
Users are advised to rely on common sense and a decent security solution to protect themselves against such threats.
The simplest way to identify fake hotel sites is by typing their names into a search engine followed by the words “scam” or “fraud.” In many cases, you’ll find professional advisories or posts published by other users.