Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 136 - August 2012 (1st Edition) - Page 9

Hotel Booking Confirmation Malware Emails

Issue 136 Start Menu

Previous Article            Next Article

Notification emails purporting to be from claim to be hotel room booking confirmations and urge recipients to open an attached file to view reservation details.

Brief Analysis
The emails are not from and they are not genuine hotel room reservation notifications. The attached file contains malware that can infect the recipient's computer.

Bookmark and Share
Detailed analysis and references below example.

Last updated: July 24, 2012
First published: July 24, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Subject: Hotel booking confirmation

Booking confirmation 7356993432

Date: Monday , 23 July 2012

We have received the reservation for your hotel.

Please refer to attached file now to acknowledge the reservation and see the reservation details.

Arrival: 29 July 2012

Number of rooms: 2

If you have any questions regarding this reservation, please feel free to contact us. Telephone: English support [removed], Spanish support [removed]; Fax 1 866 814 1719; Email: [removed]

Yours sincerely,

Subject: Reservation Confirmation (4XQVC)

Hotel Confirmation: 0670206

Date: Tue, 24 Jul 2012 10:08:02 +0900
Here with you receive the electronic reservation for your hotel.

Arrival: Saturday, July 28, 2012
Departure: Sunday, August 05, 2012 Number of rooms: 1
Sincerely, Customer Service Team

Your Reference ID is: YPVFX

The reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases rooms offer free cancellation.

Detailed Analysis
Messages purporting to be hotel room booking confirmation emails are currently being distributed to inboxes around the world. The messages, which claim to be from online booking website,, inform recipients that room reservations have been made for a specified date a few days hence. Recipients are invited to open an attached file to view full details of the supposed reservation.

However, the emails do not contain information about a real hotel booking nor are they from Like many previous such attacks, the messages are designed to trick curious recipients into opening an attached file to find out more information about a supposed booking or purchase. In fact, the attachment contains a trojan. Once installed, this malware can collect passwords and other sensitive information from the infected computer and relay it back to a remote server for collection and use by online criminals.

Versions of the malware emails have been distributed since late May 2012 and look set to continue. If you receive one of these fake hotel booking messages, do not open any attachments or click on any links that it may contain.

This malware campaign is similar to an earlier trojan attack that used fake flight ticket confirmation emails that falsely claimed to be from several airline companies.

Bookmark and Share


'Uniform Traffic Ticket' Malware Email
Hotel booking confirmation emails aim to infect your computer. Watch out!
American Airlines Flight Ticket Order Malware Emails
Previous Article            Next Article

Issue 136 Start Menu

Pages in this issue:
  1. Facebook Post - Seven Year Old Shot Saving Mom
  2. Cranky Old Man Poem
  3. Facebook Survey Scam - Free $500 Coles Voucher
  4. Amazon Account Review Phishing Scam
  5. Ellie May Ashley Missing Person Alert (Ellie Has Now Been Found)
  6. 'Private Message' Phishing and Survey Scam Emails
  7. AOL Deactivated Account Phishing Scam
  8. 'Mystery Shopper' Money Laundering Scams
  9. Hotel Booking Confirmation Malware Emails
  10. Chase Online 'Unconfirmed Payment' Phishing Scam
  11. 'Buddha' Shaped Pears
  12. Yacht Launch Mishap
  13. McDonald's 'Mega Promotion Award' Advance Fee Scam
  14. Intuit "Payroll Processing Request" Malware Email
  15. Facebook Survey Scam - Bestbuy Gift Card
  16. FBI Arrest Warning Advance Fee Scam