The recent Booking.com WhatsApp and text fraud operation showed precisely what criminals can do with enough data at their disposal.
According to the media reports in the aftermath of the Booking.com WhatsApp and text issue, criminals were looking to reap hundreds of thousands of pounds in ill-gotten gains by duping people into thinking they were Booking.com by using personalised messages that were said to have looked genuine, and included personal data.
Some people reportedly fell for the scam and lost money as a result, and we understand that Booking.com has committed to compensating victims.
Booking.com WhatsApp and text fraud operation came as no surprise to us
The massive Booking.com WhatsApp and text fraud operation came as absolutely no surprise to us at all. We’ve been saying for years that it only takes a little bit of compromised data to be able to pull off a successful criminal scam of this nature.
Criminals have been doing it off the back of the TalkTalk data breach for years.
In this case, it’s understood that the messages sent by the fraudsters contained personal data like names, addresses, telephone numbers, and even booking dates, prices and references.
Although Booking.com say that their own systems were not compromised, the personal data must have come from somewhere. If it was gleaned from a hack or a data breach, the Booking.com WhatsApp and text fraud operation shows exactly what we worry about; personal data being used to target specific people in an effort to pass off as the genuine article.
Nowadays, receiving an email with your full name on it is barely alarming; but when it contains a wealth of personal data, it’s easy to see how people can end up being deceived.
How did the Booking.com WhatsApp and text fraud operation roll out?
The Booking.com WhatsApp and text fraud operation involved a spurious claim that a security breach had taken place and a payment needed to be taken immediately. People were contacted via text message and via the popular social messaging platform, WhatsApp, with personal data that was enough to cause some to fall for the scam.
Where the personal data obtained for the Booking.com clients stemmed from appears to be unknown for now. It has to have come from somewhere, and if the messages contained booking dates, prices and references, the data must have been taken from some platform that’s directly related to Booking.com, you would assume.
No breach is too small!
The Booking.com WhatsApp and text issue was a clear example that no breach is too small. It only takes a little bit of information for a hacker to be able to turn a data breach victim into a fraud victim.
When you look at how many hacks and data breaches there have been recently, you can see how easy it is for criminals to build a profile of victims. The Equifax data breach we’re helping victims claim for could have allowed personal data and some financial data to be comprised and the recent Ticketmaster claims we’ve launched may also have furnished criminals with personal records and payment data.
No breach is too small. The Booking.com WhatsApp and text fraud operation proves this.