TripAdvisor Inc., a hotel-review website, recently became a victim of the bug, said Trend Micro Inc., an Internet security solutions provider. Many of TripAdvisor's users received spam mail with booking confirmations for hotels they had checked out on the website, 1.89% of Indian Internet Users have already been affected.
The email purporting to be in the name of one of the Hotels has a similar theme to its English counterpart as it contains confirmation and details on an alleged booking reservation. TripAdvisor, which is among India's top five travel brands as per digital market research firm ComScore Inc., globally has 60 million unique monthly visitors and 2.4 million unique users per month in India.
Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology
Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.Join Now
Gamarue is a family of malware that may be distributed by exploit kits, spammed emails or other malware, and has been observed stealing information from an affected user.
Trend Micro reported that one of their manager received the spam at his personal e-mail address but the address mentioned in the mail was false as the actual hotel does not even exist in India. This made it clear that it was spam mail and nothing more than that.
"A lot of e-commerce websites pay the price of being popular. Online travel and hotel market has become an attractive target for cybercriminals given the large volume of transactions on hotel and online sites. A frequent traveler who has done a hotel booking or checked reviews recently, in all probability, would be prompted to click that mail. When a user clicks the attachment in this spam mail, the malware known as Gamarue becomes active. It can steal from an affected user any information left behind on the emails and saved on user's system", said Suchita Vishnoi, Head Corporate Communications, Trend Micro.
The online travel and hotel market has become an attractive target for cyber criminals given the large volume of transactions on hotel and airline sites. One should be very smart and cautious while replying to their mails and should always confirm their source. It is a very easy trick, yet effective.