Best Western hack and data leak phishing emails "Your booking is currently being held for you, but it still requires a quick confirmation"

There is an active phishing campaign targeting Best Western customers using stolen booking data. Victims receive WhatsApp messages containing their real name, booking reference, hotel, and dates.

I have:

  • Contacted the hotel chain for further clarification and to find out why they are still leaking data a month or two after the original breach.

  • Reported the business number to WhatsApp

  • Reported the malware to CloudFlare.


Here’s what the scam looks like and how to protect yourself.

Shortly after making a booking I received a WhatsApp message from a US number +1 (564) 261-8249 asking me to confirm the booking, I clicked the link before realising it was a phishing scam which was obvious when presented with a form asking for payment.

The reason it was convincing was that 


  • They send the message on WhatsApp so you'll receive it on your mobile while on the move and won't scrutinise the same was as you would an email.

  • It comes from a business account that WhatsApp referred to as a "Secure Service".

  • The website is protected by CloudFlare.

  • They provide your full name, hotel name, booking dates, and booking reference number.


It appears that there was a data breach a month ago, however the issue persists.


Screenshot of the WhatsApp message
Screenshot of the WhatsApp scam message

Additonal screenshot of the WhatsApp scam message
Additonal screenshot of the WhatsApp scam message


Screenshot of the booking confirmation on the scam site
Screenshot of the booking confirmation on the scam site



The full text of the message can be found here:


Hello David Homer,


We hope you’re doing well. We’re writing regarding your reservation XXXXXX at XXXXXXXXXXX, BW Signature Collection, planned from XXXXXX to XXXXX.


Your booking is currently being held for you, but it still requires a quick confirmation to be fully secured.


Reservation status: Awaiting confirmation

Time remaining: 11 hours 13 minutes




You can complete the confirmation by following the link below:


https://bwh.bestwestern-id-ls19lgt.com/XXXXXXX


Once you open the page, please review your booking details and submit your confirmation. The reservation status will update automatically after completion.


Kindly take a moment to:

 Check that all details are correct

 Complete the confirmation before the time expires

 Keep the page open until the process finishes


Reservations that are not confirmed in time may be automatically released.



Comments

Post a Comment

Popular posts from this blog

SOLVED: Exchange Online Management PowerShell Connect-ExchangeOnline bug "A window handle must be configured. See https://aka.ms/msal-net-wam#parent-window-handles"

Image
This post has been updated here: https://www.centrel-solutions.com/blog/exchange-online-powershell-window-handle-error While you're here why not check out our  Exchange audit and documentation tool ? If you're using the Exchange Online Management PowerShell cmdlets you may notice that the following error: A window handle must be configured. See https://aka.ms/msal-net-wam#parent-window-handles This error appears in version 3.7.0 (and persists in version 3.7.1) when the following change was made. Integrated WAM (Web Account Manager) in Authentication flows to enhance security. You notice that this error occurs in PowerShell ISE but not in a PowerShell, the issue also appears in any Windows based applications - for example a WinForms application that tries to execute Connect-ExchangeOnline PowerShell ISE A .NET console application does work correctly. .NET console application While you're here why not check out our  Exchange audit and documentation tool ? The error occurs be...
Read more

Windows Server 2016, 2019, 2022, Windows 10 and Windows 11: Date and time "Some settings are managed by your organization".

Image
When you're using the new "Modern" date and time settings in Windows Server 2016, 2019, 2022, Windows 10 and Windows 11 you may find that you can't set the correct date and time and the value "Some settings are managed by your organization". - While you're here - Why not check out our Windows Server Documentation and Audit Tool? The simplest way around this is to go back to the proper control panel using Start, Run, "Control.exe" and searching for "Set the date".  Within here you can set the date and time manually as required If you try and click the Change time zone button you may again get access denied... To resolve this open an elevated command prompt by right clicking the command prompt and selecting Run as Administrator  From there run the command rundll32.exe shell32.dll,Control_RunDLL timedate.cpl This will open the Data and Time control panel app elevated as an Administrator.
Read more

get-windowsfeature : The given key was not present in the dictionary

Image
When you run the get-windowsfeature cmdlet in PowerShell on Windows Server 2012 you may see the following error get-windowsfeature : The given key was not present in the dictionary. At line:1 char:1 + get-windowsfeature + ~~~~~~~~~~~~~~~~~~     + CategoryInfo          : NotSpecified: (:) [Get-WindowsFeature], KeyNotFoundException     + FullyQualifiedErrorId : System.Collections.Generic.KeyNotFoundException,Microsoft.Windows.ServerManager.Commands    .GetWindowsFeatureCommand This seems to occur if there is a problem in the following registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\ServicingStorage\ServerComponentCache As this is just a cache registry key you can try renaming the key to ServerComponentCache.old and then re-running the PowerShell command or refreshing the view in server manager. This recreates the key and rebuilds the server feature information. - While yo...
Read more