Daniel Fonseca Yarochewsky

 •  1 minute read

Bad Trip: Fake travel sites abuse search ads to commit fraud and credential theft

By Daniel Fonseca Yarochewsky

In this article, an ingenious but shameful malvertising campaign is revealed by our threat intelligence team, which involves the creation of fake hotel booking websites that generate revenue through cloaked call centers. It’s the mobile phone version of cloaked, forced redirect ads. Scammers set up a series of bogus hotel landing pages using templates with stolen addresses to draw potential victims into calling the phone numbers advertised on the fake sites. When visited using a mobile device the landing pages trigger a Uniform Resource Name (URN) that prompts the victim's device to call a cloaked number, immediately connecting them with the scammers. Despite the lack of clickable buttons on the landing pages, the attackers generate revenue from every call made to their call centers, and often make up to $800 per victim in fraudulent hotel reservation fees.

Read the complete exposé including the unmasked code behind the scams at: https://blog.confiant.com/badtrip-a-chain-of-fake-travel-sites-abuses-search-ads-to-commit-fraud-and-credential-theft-2d794ad90fb7


Not part of the Confiant customer community yet? Request a free trial today.