ING Bank Romania and the National Cyber Security Directorate (DNSC) are warning all card users about a new phishing campaign targeting online hotel and other accommodation booking platforms.


In the first step, attackers try to gain access to property owners’ accounts on online booking platforms. To do this, they may send an email posing as a potential “customer”, containing a fraudulent link meant to convince victims to enter their personal details on a website controlled by the attackers.

The fraudsters’ aim is to take control of the account. They then extract the details of those who made bookings, such as their names, booking details and payment methods.

Attackers use stolen data to send messages on behalf of owners asking customers to enter their bank details to confirm a booking or validate a card. Otherwise, they are threatened with cancellation of the reservation. A fake page that imitates the official site may already contain their personal data. If they enter their card details, victims will effectively provide them to the attackers.

Attackers are getting smarter and using more sophisticated tactics, but we can see certain common elements, such as creating a false sense of urgency.

The victim is pressured to perform a certain action in order not to lose the reservation or have the account suspended. But once they fill out the form with their personal data, they become the victim of a phishing attack.

“Online criminals will always try to adapt their attack scenarios to the current context. Since Black Friday, we have been bombarded with offers, promotions, fake contests, in which criminals masquerade as online stores, banks, digital services, courier services or even government agencies to convince users to provide their sensitive data under various pretexts, in each specific case. As regular users, we don’t need to panic about potential threats because protecting our data online is quite simple if we bring the principles of physical security to the online environment.

First of all, we should not act hastily, focusing solely on what we are doing at that moment on the Internet, especially if we are going to enter data and ask ourselves the right questions when we receive an unwanted SMS, message or email, even if it comes from a known account. If we want to make an online purchase in the near future, or perhaps we want to book our dream accommodation for our next vacation, we recommend doing so on trusted sites with good reputations that have good customer reviews,” said Mihai Rotariu, DNSC Communications, Marketing and Media Coordinator.

Fake investment opportunities and get-rich-quick promises

Next, a common scheme used by cybercriminals involves fake investments and get-rich-quick opportunities. Criminals create phishing pages in order to manipulate victims into transferring funds to their virtual wallet on various investment platforms.

In addition, under the pretext of installing an investment application, fraudsters try to gain full control over the device by requiring the installation of applications (for example, AnyDesk) that allow them to access the device remotely from anywhere, along with all its information (installed applications, messages, documents).

“Investment opportunities” are distributed by fraudsters through advertisements on the Internet, on social media platforms or through search engine ads. For added believability, the attackers also provide fake testimonials about other customers who have “become rich” through their schemes. At the same time, in order not to arouse suspicion, victims are initially offered small investments, but later these amounts become larger and larger.

In the past, grammatical errors and inappropriate expressions have been hallmarks of phishing campaigns. With the advent of artificial intelligence platforms that translate or prepare texts based on requirements, fraud attempts are becoming increasingly difficult to detect.

Tips from ING & DNSC to prevent online fraud:

1. Be suspicious if you receive alarming messages or emails trying to convince you to take urgent action: “your booking will be canceled in 24 hours”, “your account will be suspended”.

2. Never open links or attachments from unknown sources if the message is unexpected or if you suspect something is wrong. Contact the platform team through another communication channel to verify the authenticity of the message.

3. Do not install programs at the request of alleged investment agents, giving them control over the device, mobile phone or computer being used. Attention: after that, they will have full access to bank accounts, personal data and will be able to perform any operations!

If you need help with the transaction, contact the bank.

4. Use tools that are freely available on the Internet to determine how safe a site is for making purchases (scamadviser.com), whether a link or attachment is safe to access (virustotal.com), or whether any of your online accounts has been compromised by hackers (haveibeenpwned.com).

5. Make sure you are not on a clone site that looks similar to the official one but uses a different or misspelled domain name (a missing or extra letter can be a clue).

6. Never log into Internet Banking using a link received via SMS or e-mail, and do not follow advertising links. Simply use the app installed on your mobile phone or enter the app’s URL in a new browser tab.

7. Be wary of online offers that seem too good to be true. If they contain phrases like “guaranteed profitable investments” or “unquestionable profits”, they are most likely from scammers.

8. Never complete a transaction until you are sure it is what you want. Carefully read the SMS message received from the bank, and be sure to confirm the desired operation.
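The clone-site check from tip 5 can be automated. The sketch below is an added example, not code from ING or DNSC: it compares a link's domain against an allow-list and flags names that are one or two characters off, or that embed a trusted name inside someone else's domain. All domains are constructed on the reserved `.example` suffix, and the "last two labels" rule is a simplifying assumption that ignores multi-part suffixes such as `.co.uk`.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains the user really does business with.
TRUSTED = {"hotel-bookings.example", "mybank.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the URL's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Assumption: registrable domain = last two labels of the host.
    domain = ".".join(host.split(".")[-2:])
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        # A missing, extra or swapped character in the domain name.
        if edit_distance(domain, good) <= 2:
            return "lookalike"
        # Trusted name used as a subdomain of an unrelated domain.
        if good in host:
            return "lookalike"
    return "unknown"

# Constructed sample links, as they might appear in a received message.
SAMPLES = [
    "https://www.hotel-bookings.example/reservation/123",
    "https://hotel-bokings.example/confirm-card",
    "https://hotel-bookings.example.verify-card.example/pay",
    "https://news.example.org/article",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```

An "unknown" result only means the domain is not on the allow-list and not close to it; it is not a verdict that the site is safe.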

To recognize online fraud attempts and avoid falling victim to them, keep yourself informed about them from reliable sources such as the DNSC website and the security section of the ING Bank website.