Remember the scene from Catch Me If You Can where Leonardo DiCaprio’s character effortlessly convinces people he is someone he is not?
Cybercriminals today are pulling off a similar con—except their stage is the inbox, and their victims are unsuspecting travellers.
A suspected data leak involving hotel reservations booked through Booking.com has triggered a wave of sophisticated phishing attacks targeting Japanese travellers. What makes these scams particularly convincing is that the fraudsters appear to possess accurate booking details, allowing them to create messages cannot be distinguished from legitimate communications.
According to Japanese media reports, travellers have been receiving emails and WhatsApp messages claiming that their hotel reservations have encountered problems.
Some messages warn that booking information has been compromised, while others state that credit card authorisation has failed. Victims are then instructed to update their payment details within 24 hours or risk having their reservations cancelled.
In November last year, researchers uncovered a large-scale phishing campaign linked to a Russian-speaking threat actor targeting hotel guests.
The group registered more than 4,300 domains impersonating travel brands such as Booking.com, Expedia, Agoda, and Airbnb. Victims received fake reservation emails urging urgent payment verification, leading them to fraudulent websites designed to steal credit card and personal information.
The information potentially exposed in travel-related data breaches often extends far beyond booking details. According to industry data, the most compromised records include phone numbers and email addresses, followed by full names, dates of birth, and residential addresses. Credit card information, passport details, and travel itineraries are also at risk.
Staqo: A Safe Travels Starts with Secure Technology
As hospitality and travel businesses face rising phishing, booking fraud, and data theft risks, Staqo helps secure the digital guest journey through cybersecurity assessments, SOC operations, cloud security, compliance, governance, and employee awareness programs.
Alongside developing hotel booking platforms and immersive travel applications, Staqo builds cyber resilience that protects guest data, payment systems, and booking infrastructure from evolving threats.