{"id":2004,"date":"2019-04-06T19:33:53","date_gmt":"2019-04-06T19:33:53","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=2004"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"Hotel-Booking-Confirmation-Malware-Emails","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=2004","title":{"rendered":"Hotel Booking Confirmation Malware Emails"},"content":{"rendered":"<div>\n<h2>Outline<\/h2>\n<p>Notification emails purporting to be from Booking.com claim to be hotel room booking confirmations and urge recipients to open an attached file to view reservation details. \u00a0 <\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<h3 class=\"noMargin\">Brief Analysis<\/h3>\n<p>The emails are not from Booking.com and they are not genuine hotel room reservation notifications. The attached file contains malware that can infect the recipient&#8217;s computer<\/p>\n<h2>Examples<\/h2>\n<div class=\"example\"><a href=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/01\/hotel-reservation-malware-1.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"23846\" data-permalink=\"https:\/\/www.hoax-slayer.net\/hotel-booking-confirmation-malware-emails\/hotel-reservation-malware-1\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/01\/hotel-reservation-malware-1.jpg\" data-orig-size=\"600,511\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"hotel-reservation-malware-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/01\/hotel-reservation-malware-1-300x256.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/01\/hotel-reservation-malware-1.jpg\" class=\"aligncenter size-full wp-image-23846\" src=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/01\/hotel-reservation-malware-1.jpg\" alt=\"Hotel reservation Malware Email\" width=\"600\" height=\"511\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/01\/hotel-reservation-malware-1.jpg 600w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/01\/hotel-reservation-malware-1-300x256.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/01\/hotel-reservation-malware-1-500x426.jpg 500w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2019\/01\/hotel-reservation-malware-1-585x498.jpg 585w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/a><\/div>\n<p>&nbsp;<\/p>\n<div class=\"example\">booking Hotel Confirmation:<br \/>\nPIN:3259<br \/>\nDate Issue: 29\/12\/2014<br \/>\nInformation is required to confirm your hotel reservationGravetye Manor HotelArrival: 06.01.2015<\/p>\n<p>Departure: 11.01.2015<\/p>\n<p>Number of rooms: 1 (non-smoking)<\/p>\n<p>Please do not hesitate to contact us if you have any questions.<br \/>\nBooking.com Customer Service Team<\/p>\n<p>Your Reference ID is: 03390ZZ5<br \/>\nBooking.com  \u2013 anytime, anywhere!<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<div class=\"example\">\n<p><strong>Subject: Hotel booking confirmation<\/strong><\/p>\n<p>Booking confirmation 7356993432<\/p>\n<p>Date: Monday , 23 July 2012<\/p>\n<p>We have received the reservation for your hotel.<\/p>\n<p>Please refer to attached file now to acknowledge the reservation and see the reservation details.<\/p>\n<p>Arrival: 29 July 2012<\/p>\n<p>Number of rooms: 2<\/p>\n<p>If you have any questions regarding this reservation, please feel free to contact us. Telephone: English support [removed], Spanish support [removed]; Fax 1 866 814 1719; Email: [removed]<\/p>\n<p>Yours sincerely, Booking.com<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<div class=\"example\">\n<p><strong>Subject: Reservation Confirmation (4XQVC)<\/strong><\/p>\n<p>Hotel Confirmation: 0670206<\/p>\n<p>Date: Tue, 24 Jul 2012 10:08:02 +0900<br \/>\nHere with you receive the electronic reservation for your hotel.<\/p>\n<p>Arrival: Saturday, July 28, 2012<br \/>\nDeparture: Sunday, August 05, 2012 Number of rooms: 1<br \/>\nSincerely, Customer Service Team<\/p>\n<p>Booking.com<\/p>\n<p>Your Reference ID is: YPVFX<\/p>\n<p>The Booking.com reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases rooms offer free cancellation.<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<h2>Detailed Analysis<\/h2>\n<p>Messages purporting to be hotel room booking confirmation emails are currently being distributed to inboxes around the world. The messages, which claim to be from online booking website, Booking.com, inform recipients that room reservations have been made for a specified date a few days hence. Recipients are invited to open an attached file to view full details of the supposed reservation. \u00a0<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block; text-align:center;\"\n     data-ad-format=\"fluid\"\n     data-ad-layout=\"in-article\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"9162856233\"><\/ins><br \/>\n<script>\n     (adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p> However, the emails do not contain information about a real hotel booking nor are they from Booking.com. Like many \u00a0<a class=\"norm\" title=\"'Uniform Traffic Ticket' Malware Email\" href=\"https:\/\/www.hoax-slayer.com\/traffic-ticket-malware.shtml\">previous such attacks<\/a>, the messages are designed to trick curious recipients into opening an attached file to find out more information about a supposed booking or purchase. In fact, the \u00a0<a class=\"norm\" title=\"Hotel booking confirmation emails aim to infect your computer. Watch out!\" href=\"https:\/\/nakedsecurity.sophos.com\/2012\/05\/31\/hotel-booking-confirmation-emails-aim-to-infect-your-computer-watch-out\/\">attachment contains a trojan<\/a>. Once installed, this malware can collect passwords and other sensitive information from the infected computer and relay it back to a remote server for collection and use by online criminals.<\/p>\n<p>Versions of the malware emails have been distributed since late May 2012 and look set to continue. If you receive one of these fake hotel booking messages, do not open any attachments or click on any links that it may contain.<\/p>\n<p>This malware campaign is similar to an earlier trojan attack that used \u00a0<a class=\"norm\" title=\"American Airlines Flight Ticket Order Malware Emails\" href=\"https:\/\/www.hoax-slayer.com\/american-airlines-malware-emails.shtml\">fake flight ticket confirmation<\/a> \u00a0emails that falsely claimed to be from several airline companies.<\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/hotel-booking-confirmation-malware-emails\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/hotel-booking-confirmation-malware-emails\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline Notification emails purporting to be from Booking.com claim to be hotel room booking confirmations and urge recipients to open an attached file to view reservation details. \u00a0 Brief Analysis The emails are not from Booking.com and they are not genuine hotel room reservation notifications. The attached file contains malware that can infect the recipient&#8217;s [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2004","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2004"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2004"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2004\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}