The Hotel Scam
by George Pacheco
During my utilization of social network, I have seen lots of different scams being applied. This one is very have been very common since the pandemic crisis and target people that need a vacation and go out a bit, mostly everyone!
There scam change a bit from criminal to criminal. I will try to give a broad analysis but keep in mind that the methods can differ a bit in each case.
Normally you are checking any social network and someone from a hotel or resort reach you informing that you could pass some time in their place with discount. They share the site, phone number, address, and everything. Here, the scammer could request your mobile to validate the offer or just confirm your interest in a lovely weekend by making a reservation by payment. I will check both situations:
1) Mobile phone and WhatsApp: As soon as you give your mobile phone you will receive a SMS code requesting the confirmation. He will request that code to make the “validation” of your reserve. But the code is your WhatsApp code to set it up in a new mobile. That is all that the scammer needs to hijack your application and start to make other scams. Another variant is sent you a link to fill up a form to make the reservation. Here the link could be a trojan to hijack your mobile. Both scenarios are dangerous and could give anyone some headache.
2) Fake Registration: In this method the scammers create a complete fake profile with a very close name from a real resort or hotel. They took real pictures, try to use very similar name, with same address or a very close one, email, phone and they can even copy a review list from original place. They make everything as near as possible, so they did not need to contact you... you will do it by yourself. You will contact them thinking you are in contact with the original resort/hotel. After negotiating with them your travel and make the deposit in the account indicate by them you will receive a reservation ticket. All appears to be in order and good to go. Until you arrive at the hotel. There you will be informed that you have never done any reservation. The emails and all the negotiation were a fake. Even the reservation ticket has no validation, it is a fake. The fake profile does not exist anymore, your money is lost and your deserved vacation is ruined.
What can we do to protect ourselves from such kind of scams? Here I list some points we need to be care about:
1) Never trust internet. The same information must exist in other sites. So, if you find a profile from a resort/hotel check internet for other sites. Check if the email and telephone number is equal. Verify if the address and the date of the reviews. It is a boring job but can save money and time.
2) There is no authorization, registration, validation, or anything similar that any third part must do sending code by SMS. Please be aware every time someone request a code sent by SMS.
3) Be alert if anyone request a payment for a hotel/resort in the name of a person. These companies have corporate accounts. In doubt call the bank and verify if it is a personal or corporate account.
4) Never be in a rush to make decisions. The scam will try to press you to make wrong decisions. Be alert from any thing like: “Need your deposit right now or you will lose the promotion” or “Pass me the code or I can’t keep the price”. When the real companies make offers, they keep it for weeks.
5) Verify the site indicated on the profile. The real companies have good and functional sites. If you access a page that have links that don’t work, buttons that do nothing, have errors or outdated information be alert. Also, never download anything from those sites. Could be a malware.
6) About malwares, never ever download anything they send for you. The real companies do not need to send links or applications for you. They have valid sites or channels to do that.
I hope these tips could help instruct you to be safe from this kind of scams that are very communes nowadays. But there is another one very important. In doubt never do anything. Call an expert in IT Security to check and verify the profile. And if you get any loss because of a fake profile look for help with local authorities. They could be able to help.
Be safe and secure your data and privacy!
About the Author:
George Pacheco - I am a computer forensic analyst and DPO specialist. Also, I am a cybersecurity and cybercrimes specialist.