This article is more than
1 year oldWhen a cyber-criminal sent Isabel Wagner an email, pretending to be the hotel she'd just booked, it's unlikely that the would-be fraudster knew who she was. Wagner, an associate professor in cyber security at Switzerland's University of Basel, has devoted her career to researching how to keep personal data private. She wasn't going to be an easy mark.
"Congratulations on your new booking!", the email read. "To ensure the successful confirmation of your booking, please take the following step by clicking the provided link. As a safeguard for your reservation, the system temporarily earmarks funds, which will be requested at check-in. Rest assured that these funds will solely be used to secure your reservation, and payment will be due upon your arrival."
The email appeared to come through the Booking.com system, which she'd used to place the reservation, and it used Booking.com's logo. Still, Wagner wasn't convinced. The email didn't address her by name. The link it tried to send her to, which wasn't a booking.com link, wasn't clickable: she would have had to copy and paste it.
And there was the small matter of the warning she'd received right after making her original Booking.com reservation. "Please note that we never send you… requests for any payment with a QR code and/or a link", the email – which actually was from her hotel – had read. "If you receive any message about these subjects please ignore the message, keep secret your private information details and contact Booking.com customer service care".
Read More (...)
Newer articles