Tag: bank

Categories
Ξ TREND

Beware of Booking ads that encourage you to continue booking via Telegram: it is a scam that chases your bank details


Booking accommodation through the Internet has revolutionized the way we travel, providing us with ease and comfort… but also multiplying threats: recently, a new fraud method has been identified related to the Booking platform… and the Telegram messaging application. .

What is the scam?

1/ Announcement in Booking

Scammers often post ads that capture the user’s attention immediately. These listings may offer accommodations in popular locations, with high-quality photos and amenities that exceed expectations, all at prices that may seem (and are) too good to be true.

In most cases, these ads appear as newly published on the platform, this is only to reduce the possibility of previous comments appearing that could alert potential new victims to the scam.

via Damn Timo

2/ Contact via Telegram

Instead of allowing users to follow the usual procedure and book their accommodation directly on Booking, the scam ads instruct interested parties to contact the “host” outside the platform, specifically through Telegram.

The objective of asking users to communicate outside the original platform is simple: this way, scammers evade the platform’s security and verification mechanisms.

3/ Fraudulent link

Once on Telegram, the supposed host will provide a link for the reservation. This link leads to a page that, at first glance, appears to be that of Booking, but is just an imitation that cleverly captures the design, colors and logo of Booking, which can easily confuse less experienced users or those who They are not familiar with online scams.

Beware of that fraudulent URL

4/ Request for bank details

The fraudulent website will request payment details to complete the reservation. This will include sensitive information such as the cardholder’s name, card number, expiration date and security code.

The true purpose of the scam is to obtain these banking details so that once the scammers have this information, they can make unauthorized transactions, emptying accounts or racking up significant charges.

This modus operandi is a reminder that it is always advisable to verify, reconfirm and – if something seems suspicious – trust your instincts and proceed with caution.

What should we pay attention to?

  • Suspicious link: Although the cloned website may appear identical to Booking’s, it is likely that the URL is different from the official one ( vs ).
  • External communication: Booking recommends making payments and communications only through its platform, thus guaranteeing security in the transaction.
  • Inactive Terms and Conditions: The fraudulent website could have broken links or links that lead nowhere.

Tips to avoid being a victim of this scam (and similar ones)

  • Be wary of excessively low prices: If a deal seems too good to be true, it probably is.
  • Pay attention to spelling mistakes: Many scams, especially those that use machine translators, contain grammatical or spelling errors.
  • Verify the existence of the property: Use tools like Google Street View to verify that the accommodation actually exists.
  • Use secure payment methods: Avoid making payments outside the Booking platform or using unconventional methods.

What if you were already a victim?

  • Save evidence: Keep a record of all message exchanges and transactions.

  • Notify your bank: If you have given cyber scammers your bank details, notify your banking institution immediately.
  • Complaint: Inform the booking platform and also file a complaint with the corresponding authorities.

Categories
Ξ TREND

The Russian authorities want to collect data on IP addresses and bank cards from passengers of air and railway companies


The Ministry of Transport has prepared a draft order on a new procedure for the formation of automated databases of personal data on passengers and personnel (crew).

According to it, from September 1, the corresponding data must be transmitted by carriers in air, water and rail transport, as well as road transport for intercity and international traffic (except for flights between Moscow and the Moscow region, St. Petersburg and the Leningrad region). What will be included in the list of data:

• information about bank cards (last 4 digits, bank name)
• IP addresses
• telephones
• email addresses
• logins and passwords for accounts on the carrier’s website or application
• ticket price
• class of service

The information will be fed into the unified state information system for transport security (USIS OTB). Its operator is the Federal State Unitary Enterprise of the Ministry of Transport “Zashchitainfotrans”. Rosaviatsiya, Rostransnadzor, the Ministry of Internal Affairs and the FSB have access to it.

At the same time, the Association of Air Transport Operators (AEVT) in its response to the project indicated that some of the additional data about passengers, including account login and password, are “confidential information, and therefore cannot be disclosed without the consent of the subject of such data.”

AEVT noted that the new requirements do not comply with established ICAO recommendations and standards. The current standard, ICAO (Doc 9944) Guidelines for Passenger Name Records (PNRs), “directs States not to require or hold an operator responsible for providing PNR data that is not already collected or contained in its reservation system.” AEVT asked the Ministry of Transport to finalize the project.

The assessment of the benefits is also not very clear, since a person can reach the booking stage on one device, continue purchasing from another, for example, from a mobile device, and carry out all these actions using a VPN.

— Smartavia

Smartavia supported AEVT. Russian Railways and other airlines declined to comment.

According to a Kommersant interlocutor close to the Ministry of Transport, the document will no longer be finalized. (Kommersant)