Agoda treats the security of partner and customer data with the utmost seriousness. We value the trust and loyalty of our hotel partners and customers and are committed to safeguarding their data and privacy. As such, Agoda leverages industry-leading technology to monitor, detect, and block potentially suspicious activity.

We have observed the use of targeted phishing emails and malware attacks against some of our hotel partners. While the security breach was not on Agoda’s platform and our backend systems and infrastructure have not been compromised, some of our hotel partners have been affected. As cyber-attacks become increasingly sophisticated, following some simple best practices can help to reduce the risk of falling victim to online fraud and scams that target hospitality platforms.

In the following article, you will learn how you can protect your hotel and your customers from cyber-attacks by ‘threat actors’ (those who exploit vulnerabilities in computer systems via phishing, ransomware, or malware attacks).

What is the current scam impacting the travel industry and beyond?

The latest cyber-attack compromises a hotel’s IT infrastructure by installing spyware. The threat actors then steal the hotel’s credentials to access other platforms and masquerade as the hotel to defraud their customers by sending phishing links to extort money.

How are threat actors conducting the cyber-attack?

  1. A hotel receives a fake booking from the threat actor (via a trusted partner or as a direct booking).
  2. Using this fake booking as a cover, the threat actors contact the hotel, sending a message containing a malicious link.
  3. If the hotel clicks on this link, malware is automatically downloaded onto the hotel’s IT system. This malware is spyware that records and steals the hotel’s credentials, including the credentials to access Agoda’s (or any other third party’s) messaging platform and YCS system.
  4. Using the stolen credentials, the threat actors access the third party’s (for example Agoda’s) messaging platform and, acting as the hotel, reach out to customers who have booked with that hotel.
  5. The threat actors use the third party’s messaging platform to send a message to the customers with bookings, asking them to click on a malicious link and to provide their payment information, often threatening to cancel the booking if they do not make the payment using the malicious link.
  6. When the customers click on the malicious link, they land on a fake website imitating Agoda’s or a third party’s website.
  7. If the customers provide their payment information through these malicious links, the threat actors then have access to this information and use it to carry out fraudulent transactions, deceiving the customers.
  8. Please note that as a hotelier, you are unlikely to be aware that this is happening. As these transactions are not conducted on Agoda’s platform, we do not have visibility either. We are only aware that this has occurred when a customer reaches out to our customer support team.

How can you protect your hotel and your customers’ information?

  1. Be vigilant and educate your team members about this scam/cyber-threat to help protect your business.
  2. Deploy and run the latest anti-virus scanning software on your IT systems.
  3. Enable YCS multi-factor authentication (MFA) on your phone instead of your computer. If the threat actors control your computer, they will also be able to retrieve the OTP (confirmation password) sent to your email inbox. However, if the OTP is sent to your phone, the threat actors will not be able to access the OTP, further blocking them from accessing the YCS platform.
  4. If you receive a message or email that seems suspicious, do not click on any links or download any attachments. Recent themes of phishing messages include:
    • Customers complaining about allergies in the hotels
    • Customers threatening a lawsuit because of alleged discrimination
    • Customers claiming discrimination against wheelchair users
    • Customers seeking help to find the actual location of the hotel, claiming to need assistance because they are old.

     While these could also be message topics from legitimate customers, the major difference is that after explaining their case, the “guest” will ask the hotel to download and open a .zip or .rar file from a common cloud provider like Google Drive, Mega Dot NZ, Dropbox, etc.
  5. If you suspect your hotel has received fraudulent messages, please contact your Agoda account manager directly.
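
For hotels whose IT team can filter inbound guest messages, the pattern described in point 4 (a plausible complaint followed by a request to open a .zip or .rar file hosted on a cloud file-sharing service) can be checked automatically. The following is an added example, not Agoda's code: the hostnames chosen for the named providers, the verdict labels and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: hostnames for the providers the article names (Google Drive,
# "Mega Dot NZ", Dropbox). Extend the set for your own environment.
FILE_SHARE_HOSTS = {"drive.google.com", "mega.nz", "dropbox.com"}
ARCHIVE_EXT = re.compile(r"\.(zip|rar)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def is_file_share(host: str) -> bool:
    """Exact host or true subdomain only, so look-alike hosts do not match."""
    host = host.rstrip(".")
    return any(host == h or host.endswith("." + h) for h in FILE_SHARE_HOSTS)


def triage_message(text: str) -> dict:
    """Return the indicators found in one inbound guest message."""
    hosts = []
    for url in URL_RE.findall(text):
        try:
            host = urlparse(url).hostname or ""
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if is_file_share(host):
            hosts.append(host)
    mentions_archive = bool(ARCHIVE_EXT.search(text))
    if hosts and mentions_archive:
        verdict = "quarantine"  # both indicators: hold for a human, do not open
    elif hosts or mentions_archive:
        verdict = "review"      # one indicator: could be a legitimate guest
    else:
        verdict = "pass"
    return {"verdict": verdict, "file_share_hosts": hosts,
            "mentions_archive": mentions_archive}


# Constructed sample messages (not real traffic).
SAMPLES = [
    "My wife has a severe allergy. Please download allergy_notes.zip from "
    "https://drive.google.com/file/d/EXAMPLE/view and open it at reception.",
    "Hi, we are elderly and cannot find the hotel entrance. "
    "Could you send walking directions from the station?",
    "Photos of the room problem: https://www.dropbox.com/s/EXAMPLE/photos",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage_message(msg)["verdict"], "|", msg[:60])
```

A "quarantine" or "review" verdict only routes the message to a person for checking; it does not replace the instruction not to click links or open attachments in suspicious messages.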

How should you respond if you are impacted by this scam/cyber-theft?

We strongly urge you to take all relevant measures to protect your Agoda account information. However, if your account is compromised, we recommend that you:

  1. Notify Agoda via your Agoda account manager
  2. Reset both your email password and Agoda account password
  3. Avoid using the same password for multiple accounts
  4. Perform a virus/malware scan on your systems
  5. Ensure that phishing and/or spam messages are not being sent from your accounts

If we detect abnormal patterns in your login attempts and/or usage of our messaging platform, we will, as a precautionary measure, reset your password and temporarily disable your access to the YCS platform. We will restore your access upon receiving your confirmation.


Should you notify your customers if your hotel’s account has been compromised?

Yes, you should notify your customers.

In line with relevant data privacy laws, and per your contractual obligations with Agoda (refer to the latest Data Protection Addendum), the responsibility to manage PII (Personally Identifiable Information) incidents (to the extent that the security incident arises from, or is related to you, or your software or business partners, subcontractors, or agents’ processing of PII, and/or use of or access to Agoda’s systems in breach of Agoda’s terms and conditions) lies with you.

As such, we rely on you to fulfill your obligations as an independent data controller in this case with respect to applicable privacy laws.
