Summary
A social engineering campaign on Twitter impersonates Booking.com customer support to execute account takeovers and financial fraud through unverified accounts, WhatsApp calls, and Google Forms.
Take Action:
Be VERY careful of unexpected replies that appear to come from "Customer Support" accounts on social media. Fake, unverified, or hijacked accounts are how this scam spreads. Don't rush, don't fill out refund forms hosted on free cloud services, and NEVER read a One-Time Password (OTP) or login code over the phone. If you do, this can silently hand attackers full access to your reservation account without ever needing your password. Legitimate companies never use Google Docs for payment processing.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)