New hotel-booking scam targets users of Booking.com and similar sites

Source: https://lifehacker.com/money/hotel-reservation-scam?utm_medium=RSS
Summary:
Users of hotel-booking platforms should be on guard against a new phishing scam. Security researchers have disclosed that criminals impersonating well-known platforms such as Booking.com and Expedia are sending travelers fraudulent messages asking them to "confirm payment details"; many travelers have already been led to fake pages, disclosed their card details and suffered financial losses.
The scam is known as the "I Paid Twice" trap. The gang typically contacts travelers who already hold a hotel reservation via WhatsApp or email and, claiming the booking is about to be cancelled, pressures them into clicking a phishing link disguised as an official page. The link leads to a fake site that closely resembles the real platform and harvests the victim's payment information.
Notably, the scam originates in a "ClickFix" attack on hotel management systems. The attackers first send hotels phishing emails carrying malicious links, trick staff into running a PowerShell command disguised as a security check, and thereby install a remote access trojan. Once in, the criminals take over the hotel's management account, pull guests' booking details directly and run precisely targeted scams.
Security experts remind consumers that legitimate hotels and platforms do not urgently request payment details through third-party channels. If you receive a suspicious notice, verify the contact details through the hotel's official website and call the hotel directly to confirm the status of your booking. Never click unfamiliar links, and never enter personal financial information on an unverified page.
Translation:
If you have booked a hotel through a platform such as Booking.com or Expedia, be wary of any communication asking you to confirm your payment details to keep your reservation. Cybercriminals are running a phishing campaign against the hospitality industry to steal travelers' money.
According to analysis by security firm Sekoia.io, reported by The Hacker News, the scheme is known as the "I Paid Twice" trap: scammers contact hotel guests via WhatsApp or email claiming that payment details must be verified or the booking will be cancelled. Victims who click the link land on a fake page imitating Booking.com or Expedia and are induced to enter their card details.
This is not the first time Booking.com has been targeted: criminals have previously spread malware directly to users through fake CAPTCHAs and homograph attacks (using look-alike characters in URLs to redirect to malicious sites).
How the "Booking.com ClickFix scam" works
This multi-stage attack begins with a ClickFix attack on hotels, a social-engineering technique that uses fake error messages or CAPTCHA forms to trick users into downloading malware. (The author has previously covered several ClickFix scams, including ones spread through AI-generated tutorial videos on TikTok and expired Discord invite links.)
The playbook is as follows: a hotel manager receives a phishing email from a compromised account with a link to a fake reCAPTCHA verification page. This is the ClickFix step: the target is asked to complete the check to "ensure the security of your connection". After a few redirects, the user is led to copy and run a PowerShell command that downloads a remote access trojan (such as PureRAT) onto the device.
Once the malware is installed, the criminals have remote control, including mouse and keyboard control, data theft, command execution, file upload and download, keylogging, and webcam and microphone capture. They can then steal administrator credentials to log into the booking platform, send the phishing emails described above to hotel guests, or sell the stolen information to other cybercriminals.
How to guard against the hotel-booking scam
We cannot stop hotel staff from unintentionally leaking booking information, but staying alert prevents further exposure of our own financial data. A legitimate hotel will normally not ask you through the booking platform (nor will the platform itself) to pay again for a reservation that is already confirmed.
The manufactured sense of urgency is meant to rush you into acting. If in doubt, verify by calling the number on the hotel's official website (never the number in the email or WhatsApp message). Never click suspicious links, and enter nothing until you have confirmed you are on the legitimate booking platform or the hotel's official site.
English source:
If you've booked a hotel through a platform like Booking.com or Expedia, beware any communication that directs you to confirm your payment details to hold your reservation. Threat actors are targeting the hospitality industry with a phishing campaign designed to steal from travelers.
As outlined by security firm Sekoia.io and reported by The Hacker News, the scheme is referred to as "I Paid Twice" because hotel customers are eventually conned into handing over their banking information. Scammers contact guests via WhatsApp or email about their booking, saying that they need to verify their payment or risk cancellation. The link goes to a fake landing page that looks like Booking.com or Expedia, where victims are prompted to provide card information.
This isn't the first scam to target Booking.com: Scammers have previously spoofed the site to spread malware directly to users via both fake CAPTCHAs and homograph attacks, which exploit similar characters in the URL to redirect to a malicious website.
How the Booking.com ClickFix scam works
This multi-step campaign actually begins when hackers target hotels themselves with ClickFix attacks, a type of social engineering attack designed to trick users into downloading malware via fake error messages or CAPTCHA forms. (I've covered a handful of ClickFix schemes, such as those spread via AI-generated instructional videos on TikTok and expired invite links on Discord.)
The scam runs as follows: Hotel managers receive emails from compromised accounts with phishing links that redirect to a supposed reCAPTCHA page. This is the ClickFix component, as targets are instructed to complete the challenge to "ensure the security of your connection." A couple of redirects lead the user to copy and execute a PowerShell command that downloads a Remote Access Trojan (like PureRAT) to their device.
Once the malware has been delivered, it allows threat actors remote access, including control of the mouse and keyboard, data exfiltration, command execution, file uploads and downloads, keylogging, and webcam and microphone capture. Hackers are then able to steal admin credentials to gain access to booking platforms and send the aforementioned phishing emails to hotel guests—or they can sell the information to other cybercriminals.
Don't fall for the hotel booking scam
You can't control whether a hotel manager unwittingly hands over access to your booking information. But you can avoid further compromising your personal and financial data by staying vigilant to any unexpected communication about your reservation. A reputable hotel probably won't contact you via a booking platform (nor will the platform itself) to demand payment for holding a reservation you've already confirmed.
This sense of urgency is meant to trick you into acting quickly, so if you're not sure what's going on, call the hotel directly using the number on their official website (not from the email or WhatsApp message). Don't click any links, and don't enter any information unless you have confirmed that you are on a legitimate booking platform or hotel website.
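The advice above ("confirm that you are on a legitimate booking platform") and the earlier mention of homograph attacks both come down to one check: is the link's hostname really the platform's registrable domain, or a look-alike? The following Python is an added example written for this page, not code from the article, Sekoia.io or the platforms; the allowlist, the two-label domain rule and the sample URLs are constructed assumptions (a real deployment would use a public-suffix library).

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist: the two platforms the article names.
LEGIT_DOMAINS = {"booking.com", "expedia.com"}


def decode_host(host: str) -> str:
    """Return the Unicode form of a hostname; punycode labels (xn--...) are decoded."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode (or undecodable): keep as-is


def registrable_domain(host: str) -> str:
    """Last two labels of the hostname. Adequate for .com; not a full public-suffix check."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:])


def non_ascii_scripts(text: str) -> set:
    """Scripts of any non-ASCII characters, taken from their Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in text if not ch.isascii()}


def assess_link(url: str) -> dict:
    """Classify a link from a 'confirm your payment' message as trusted or suspicious."""
    host = decode_host((urlsplit(url).hostname or "").lower())
    domain = registrable_domain(host)
    reasons = []
    scripts = non_ascii_scripts(host)
    if scripts:
        # Homograph pattern: e.g. Cyrillic 'о' standing in for Latin 'o' in booking.com.
        reasons.append("non-ASCII characters in hostname: " + ", ".join(sorted(scripts)))
    if domain not in LEGIT_DOMAINS:
        reasons.append("registrable domain %r is not an allowlisted platform" % domain)
        # Brand name used as a subdomain or label of an unrelated domain.
        for brand in sorted(LEGIT_DOMAINS):
            name = brand.split(".")[0]
            if name in host:
                reasons.append("brand '%s' appears inside an unrelated hostname" % name)
    return {"host": host, "domain": domain, "trusted": not reasons, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample links: one genuine, one Cyrillic look-alike, one brand-as-subdomain.
    for link in ("https://www.booking.com/hotel/example",
                 "https://www.b\u043e\u043eking.com/confirm-payment",
                 "https://booking.com.verify-payment.example/confirm"):
        print(link, "->", assess_link(link))
```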
Article title: New hotel-booking scam targets users of Booking.com and similar sites
Article link: https://blog.qimuai.cn/?post=2044
All articles on this site are original; do not use them for any commercial purpose without authorization.