We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,818 News Articles

Beware of 'wrong transaction' hotel spam

Spam messages about mischarged hotel expenses lead to fake antivirus

If you get an e-mail message telling you a hotel has erroneously charged your credit card account, be careful. The odds are that it's part of a new spam campaign that could infect your computer.

The messages started popping up in recent days and there are already hundreds of variants on the same theme: A hotel wrongly charged a credit card number and the victim is supposed to fill out an attached form to process the refund.

"Please see the attached form. You need to fill it out and contact your bank for return of funds," read one such message, titled "Hotel Breakers Palm Beach made wrong transaction."

The 'refund' form is actually a malicious Trojan horse program that installs fake antivirus software on the victim's computer, according to Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, who blogged about the spam messages Wednesday.

His group, which maintains a massive real-time database of spam messages, has received more than 800 copies of the spam. That's not a lot of messages, but the campaign is still new.

The messages seem to be coming from the same botnet of infected computers that recently sent out similar messages warning victims that their credit card payments were overdue. Those messages led to the fake antivirus downloads too, Warner wrote in his blog post.

It's standard operating procedure for spammers to alter their messages now and then to trick new victims.

But any unsolicited message that includes an attachment should always be treated as suspicious.

Fake antivirus software is a major annoyance. It points out bogus security problems on a victim's computer and keeps pestering them until they pay out money -- usually between US$40 and $120 -- to buy the fraudulent antivirus product.

Consumers who aren't sure whether these messages are legitimate should use Google to find the company's website and then call them, security experts advise.

And while many antivirus products will detect the malicious attachments used in this latest spam, the criminals change their malicious software so frequently that it's hard for the security companies to keep up. As of late Wednesday, only 19 out of 43 antivirus products used by the VirusTotal website detected this latest Trojan program.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com


IDG UK Sites

45 Best Android games: top Android games for your smartphone or tablet in 2014 (24 are free!)

IDG UK Sites

How Apple, Adobe, Microsoft and others have let us down over UltraHD and hiDPI screens

IDG UK Sites

Do you have the X-Factor too? Mix Off app puts fans in the frame

IDG UK Sites

iPad Pro release date, rumours and leaked images - 12.9 screen 'coming in 2015'