Booking.com Scam

The Booking.com scam is a phishing attempt designed to deceive individuals into divulging sensitive information or installing malware onto their computers. This scam is often disguised as a legitimate notification from Booking.com regarding a complaint raised by a lodger. The scammers behind this malicious attack use email spam campaigns, deceptive messages, and links to fake websites to trick victims into executing commands that deploy malware. In this article, we will delve deeper into the details of the threat, provide a comprehensive removal guide using SpyHunter, and share preventive measures to help you avoid future infections.

Booking.com Scam Overview

This phishing scam typically involves an email that appears to be from Booking.com, a popular online travel agency. The email may look like an official notification regarding a complaint raised by a lodger about a past stay at a hotel. The email encourages the recipient to open an attachment and review the complaint, often by clicking on a link provided within the message.

Threat Summary

Category	Details
Name	Booking.com Email Scam
Threat Type	Phishing, Scam, Social Engineering, Fraud
Fake Claim	A lodger has raised a complaint regarding their past stay.
Related Domains	fixecondfirbook[.]info, bookviewreserve[.]com
Detection Names (fixecondfirbook[.]info)	AlphaSOC (Malware), Combo Cleaner (Malware), ESET (Phishing), Kaspersky (Phishing), Sophos (Malware), VirusTotal
Detection Names (bookviewreserve[.]com)	AlphaSOC (Malware), Combo Cleaner (Malware), Certego (Malicious), Fortinet (Malware), Webroot (Malicious), VirusTotal
Disguise	Notification from Booking.com
Symptoms	Generic greeting, urgent language, suspicious links, grammatical errors.
Distribution Methods	Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains.
Damage	Loss of sensitive private information, monetary loss, identity theft.

Fake Booking.com Email Content

The scam emails typically feature a message like the one below, designed to look legitimate but containing malicious links:

---

Booking.com

Dear Hotel Team,

A lodger has raised a complaint regarding their past stay at your property. The complaint includes details about incidents involving your team and accommodation.

You can go through the submitted grievance and get in touch with the customer at your earliest convenience to respond to their grievances by clicking the link provided.

View Complaint

We politely ask that you handle this complaint as soon as possible to ensure a satisfactory resolution for both involved parties.

If you seek any guidance, please do not wait to get in touch.

With best wishes,
The Booking.com Team

© 1996-2024 Booking.com. All rights reserved.
This email was sent by Booking.com, Oosterdokskade 163, 1011 DL, Amsterdam, Netherlands.

---

The link or attachment in the email often leads to fake websites that attempt to steal personal information or use the ClickFix technique to deploy malware on the victim’s system.

Understanding the ClickFix Tactic

The ClickFix technique is a social engineering tactic designed to lure victims into running malicious commands. After clicking on the link or opening the attachment, the victim is often tricked into copying and executing a command via PowerShell or the Run command. This command typically installs malware like Lumma Stealer, a type of information-stealing Trojan, which can compromise the victim’s sensitive data.

Symptoms of Infection

Victims of this scam may experience the following symptoms after infection:

• Unusual system behavior: Sluggish performance, frequent crashes, or unauthorized access attempts.
• Unwanted pop-ups: Increased occurrences of pop-up ads or rogue pop-ups asking for personal details.
• Suspicious network activity: Detection of unfamiliar processes or communications from the infected device.
• Missing or corrupted files: Files or documents that are inaccessible or appear altered after the malware execution.

Damage Caused by the Booking.com Scam

The Booking.com scam can lead to various types of damage, including:

1. Loss of personal information: The malware can steal sensitive data such as login credentials, banking details, and other private information.
2. Monetary loss: Identity theft and unauthorized access to financial accounts may result in financial theft.
3. Reputation damage: If personal information is misused, it can lead to damaged reputations for businesses or individuals.
4. System compromise: Malware can corrupt or destroy files, making recovery difficult.

How the Scam is Distributed

Scammers distribute the Booking.com scam through several methods:

1. Deceptive emails: The primary method of delivery is via email, where the scammer masquerades as Booking.com, trying to induce urgency.
2. Rogue pop-up ads: Fraudulent ads that appear on websites, directing users to fake sites.
3. Search engine poisoning: The manipulation of search engine results to direct users to malicious sites.
4. Misspelled domains: Fraudulent domains that resemble legitimate ones to trick users into visiting fake websites.

Removing the Booking.com Scam

If you’ve fallen victim to the Booking.com scam, the following steps will guide you through the process of removal using SpyHunter, a powerful anti-malware tool.

Step 1: Install SpyHunter

1. Download SpyHunter.
2. Install the software by following the on-screen instructions.
3. Once installed, open SpyHunter and let it perform an initial scan of your system.

Step 2: Scan for Malware

1. Open SpyHunter and choose the Full Scan option.
2. The software will automatically check all files and system processes for potential threats.
3. If any malware is detected, SpyHunter will highlight it in the scan results.

Step 3: Remove Detected Threats

1. After the scan completes, review the detected threats and select the ones you want to remove.
2. Click Remove Selected to eliminate all identified malware and infections.

Step 4: Clean Up Your System

1. Use SpyHunter’s System Cleaner feature to clean residual files that may have been left behind by the malware.
2. Restart your computer to ensure all threats are fully eradicated.

Preventive Measures to Avoid Future Infections

To prevent falling victim to similar scams in the future, consider the following preventive measures:

1. Be cautious with email attachments: Never open attachments or click links in emails from unknown or suspicious sources.
2. Use anti-malware software: Keep a reliable anti-malware program like SpyHunter running to detect and block malicious threats.
3. Verify email sources: Always verify the authenticity of emails that seem urgent or suspicious, especially if they contain grammar errors or generic greetings.
4. Update your system regularly: Ensure that your operating system and software are up-to-date to protect against known vulnerabilities.
5. Enable two-factor authentication: For sensitive accounts, enable two-factor authentication to protect them from unauthorized access.

---

This comprehensive guide offers both detailed information on the Booking.com scam and a step-by-step process for removing it with SpyHunter. By following the preventive measures outlined above, you can protect yourself and your system from future scams and malware infections. Stay vigilant and safeguard your personal information!