Be on your guard against emails that claim to be about a hotel booking that you never made – you could be putting your computer at risk of infection by malware.
Emails have been spammed out claiming to be a confirmation from the booking.com website about a hotel reservation.
Chances are that if you received an email like the following you would be at the very least curious, and might be tempted to click on the attached file.
A typical email reads:
Subject: [Fwd: Hotel booking confirmation 2930566265]
Attached file: Hotel_Reservation_Booking_Com_52524658ID.zip
Booking confirmation 8356693431
Date: Tuesday , 29 May '2012
We have received a reservation for your hotel.
Please refer to attached file now to acknowledge the reservation and see the reservation details.
Arrival: Tuesday, 05 June 2012
Number of rooms: 1
If you have any questions regarding this reservation, please feel free to contact us. Telephone: English support 1 888 850 4649, Spanish support 1 866 938 1298; Fax 1 866 814 1719; Email: email@example.com
Yours sincerely, Booking.com
Of course, opening the attachment would be a big mistake, as the emails don’t really come from Booking.com.
The attached .ZIP file contains a Trojan horse designed to infect your computer. Sophos products detect the malware as Mal/BredoZp-B and Troj/Inject-VI.
Long time readers of Naked Security will be only too familiar with malware attacks associated with hotels. For instance, in the past we have seen attempts to infect computers via emails disguised as hotel credit card transactions.
The advice remains the same.
You should always be suspicious of email attachments that are sent to you out of the blue. Make sure that your anti-virus product is updated, that you have the latest security patches, and tell your friends to think twice before opening unknown attachments.
Woman at hotel reception desk image courtesy of Shutterstock.