• chevron_right

      Mysterious leak of Booking.com reservation data is being used to scam customers

      news.movim.eu / ArsTechnica · Wednesday, 8 February, 2023 - 13:20 · 1 minute

    Mysterious leak of Booking.com reservation data is being used to scam customers

    Enlarge (credit: Getty Images)

    For almost five years, Booking.com customers have been on the receiving end of a continuous series of scams that clearly demonstrate that criminals have obtained travel plans and other personal information customers provided to the travel site.

    One of the more recent shakedowns happened to an Ars reader who asked not to be identified by his real name. A few months ago, Thomas, as I’ll call him, reserved and paid for a two-night stay scheduled for this July in a hotel in Italy. Here’s the legitimate reservation:

    Last week, out of the blue, he received two emails. The headers show that the first message came from the genuine Booking.com domain. It purported to have been sent on behalf of the hotel in Italy and asked that he click a non-existent confirm button for his upcoming stay. It informed him that the hotel would “also transfer all bookings made from that address to your account.” As phishy as that sounds, the email included his full name, the confirmation number of his reservation, the correct name of the hotel, and the dates of his stay.

    Read 13 remaining paragraphs | Comments

    • chevron_right

      Pig-butchering scam apps sneak into Apple’s App Store and Google Play

      news.movim.eu / ArsTechnica · Wednesday, 1 February, 2023 - 11:00 · 1 minute

    artist rendition of a piggbank with an Apple App Store logo on it about to explode

    Enlarge (credit: Aurich Lawson | Getty Images)

    In the past year, a new term has arisen to describe an online scam raking in millions , if not billions , of dollars per year. It’s called "pig butchering," and now even Apple is getting fooled into participating.

    Researchers from security firm Sophos said on Wednesday that they uncovered two apps available in the App Store that were part of an elaborate network of tools used to dupe people into putting large sums of money into fake investment scams. At least one of those apps also made it into Google Play, but that market is notorious for the number of malicious apps that bypass Google vetting. Sophos said this was the first it had seen such apps in the App Store and that a previous app identified in these types of scams was a legitimate one that was later exploited by bad actors

    Pig butchering relies on a rich combination of apps, websites, web hosts, and humans—in some cases human trafficking victims —to build trust with a mark over a period of weeks or months, often under the guise of a romantic interest, financial advisor, or successful investor. Eventually, the online discussion will turn to investments, usually involving cryptocurrency, that the scammer claims to have earned huge sums of money from. The scammer then invites the victim to participate.

    Read 20 remaining paragraphs | Comments