• Changing RCF's index page, please click on "Forums" to access the forums.

I finally fell for a phishing scam.

Do Not Sell My Personal Information
Rich

Rich

Saucin'
Joined
Jul 5, 2010
Messages
45,545
Reaction score
69,529
Points
148
Honestly, I'm being hard on myself in that title.

Here's the story. Booked a hotel for next month on booking.com. Earlier today, I get an e-mail from booking.com saying I needed to verify my credit card info. I did.

Get an e-mail a few hours later from a representitive of the hotel saying they aren't sure why these -emails are going out, my info was already verified, and to not click any links.

Well, too late.


Here's the deal. The initial e-mail came from the SAME place that the second one did. And the rep told me, later, she was using booking.com's "extranet" to message me. Well, so was the scammer. ANd the scammer had all of my reservation info. Where I was staying, when I was arriving, my confirmation number. They even had my note I wrote in the "special request" section when I booked the hotel.

So, really, not so much of a phishing scam as it is booking.com is clearly data breached and me warning you guys..don't use booking.com
 
Damn I really like booking. Good to know
 
Rich said:
Honestly, I'm being hard on myself in that title.

Here's the story. Booked a hotel for next month on booking.com. Earlier today, I get an e-mail from booking.com saying I needed to verify my credit card info. I did.

Get an e-mail a few hours later from a representitive of the hotel saying they aren't sure why these -emails are going out, my info was already verified, and to not click any links.

Well, too late.


Here's the deal. The initial e-mail came from the SAME place that the second one did. And the rep told me, later, she was using booking.com's "extranet" to message me. Well, so was the scammer. ANd the scammer had all of my reservation info. Where I was staying, when I was arriving, my confirmation number. They even had my note I wrote in the "special request" section when I booked the hotel.

So, really, not so much of a phishing scam as it is booking.com is clearly data breached and me warning you guys..don't use booking.com
Click to expand...
Maybe.

It could also be the hotel. I'm sure the hotel has a login to booking.com and can message from there.

It'd be like if a company used Salesforce, and you got an email from that company from their Salesforce portal because someone got the username/password to login with.

The fault isn't on Salesforce--the fault is on the company and employee who created the vulnerability. Salesforce just happened to be the platform that the compromised party was using.
 
Out of the Rafters at the Q said:
Maybe.

It could also be the hotel. I'm sure the hotel has a login to booking.com and can message from there.

It'd be like if a company used Salesforce, and you got an email from that company from their Salesforce portal because someone got the username/password to login with.

The fault isn't on Salesforce--the fault is on the company and employee who created the vulnerability. Salesforce just happened to be the platform that the compromised party was using.
Click to expand...

Yea, I was thinking this too, but I did find an awful lot of people over the last 3 or 4 months online who have suddenly had similar experiences with booking.com.

Now, if I searched for the same shit via other travel sites, I might find that too. I dunno.

So, yea, someone from the hotel could have fallen for a phishing scam and allowed hackers to log into the portal through them.

It's not out of the realm.

Admittedly, I did have one chance to catch before "verifying" my credit card. The price was in euros, not dollars.

Even then, I still might have talked myself into it considering all of the above that they had access to.
 
I just got one from "USPS" I was really skeptical, but the site looked identical to the real one and said USPS.

I took the tracking number they gave me though and went to google, did not come back as a valid tracking number.

It gets more sophisticated all the time.

It said there was a mistake in my address and the zip was one number off. Pretty convincing. Like I could have misstyped that
 
Rich said:
Yea, I was thinking this too, but I did find an awful lot of people over the last 3 or 4 months online who have suddenly had similar experiences with booking.com.

Now, if I searched for the same shit via other travel sites, I might find that too. I dunno.

So, yea, someone from the hotel could have fallen for a phishing scam and allowed hackers to log into the portal through them.

It's not out of the realm.

Admittedly, I did have one chance to catch before "verifying" my credit card. The price was in euros, not dollars.

Even then, I still might have talked myself into it considering all of the above that they had access to.
Click to expand...
Oh yeah for sure. I only raised the possibility of it being the hotel's issue because you said it was booking.com

Odds are a low-level, underpaid, overworked employee either at the hotel or at booking.com's contact center was compromised. It's likely not any sort of technical issue at either location. Just people are the easiest thing to hack.
 
My friend was one of the first people to almost get scammed buying a car online. Basically it was the usual story of out of town but they would ship it and wire the money but no one had heard of anyone doing this yet. He got photos and a picture of the title. Then got the money together and was ready to wire it. He worked for a financial institution so he was going to wire it from work and his co-worker pointed out that it was an offshore account. That throw up the red flag and he didn't do it.

Over the next year or two that scam became very normal but no one I knew had every seen it. The car wasn't extremely cheap it was just on the cheap side of the scale for what it was.
 
Rich said:
Honestly, I'm being hard on myself in that title.

Here's the story. Booked a hotel for next month on booking.com. Earlier today, I get an e-mail from booking.com saying I needed to verify my credit card info. I did.

Get an e-mail a few hours later from a representitive of the hotel saying they aren't sure why these -emails are going out, my info was already verified, and to not click any links.

Well, too late.


Here's the deal. The initial e-mail came from the SAME place that the second one did. And the rep told me, later, she was using booking.com's "extranet" to message me. Well, so was the scammer. ANd the scammer had all of my reservation info. Where I was staying, when I was arriving, my confirmation number. They even had my note I wrote in the "special request" section when I booked the hotel.

So, really, not so much of a phishing scam as it is booking.com is clearly data breached and me warning you guys..don't use booking.com
Click to expand...
Wow. This confirms my approach of booking directly with the hotel. Of course, they can be hacked too.
 
I finally fell for a fisting scam myself.

My asshole will never be the same.
 
We can just finish the transaction in gift cards if it’s easier for you?
 
You must log in or register to reply here.

Rubber Rim Job Podcast Video

Episode 3-14: "Time for Playoff Vengeance on Mickey"

Rubber Rim Job Podcast Spotify

Episode 3:14: " Time for Playoff Vengeance on Mickey."
Top