• ‍Category: Adversary Intelligence
• ‍Industry: Hospitality
• ‍Motivation: Financial
• ‍Region: India
• ‍Source*: A - Reliable; 1 - Confirmed by independent Sources

‍

Executive Summary

THREAT‍

• Threat actors are uploading images showcasing their phone numbers on google listings of hotels.
• When an unsuspecting user contacts these phone numbers they are asked to make an advance payment for reservation confirmation.
• ~71% of the targeted audience fell prey to these scams.

IMPACT‍

• The fake custom care numbers are being misused by scammers to lure customers of hotels which is resulting in a monetary loss for the victim. 
• Brand image loss to the hotel.

MITIGATION‍

• Run aggressive awareness campaigns to educate users about the ongoing scams.
• It is recommended to identify and immediately suspend or takedown such google accounts spreading Fake Customer Care Numbers.
• Book only via trusted channels and avoid putting upfront deposits.

‍

Analysis and Attribution

Information from the Post

• CloudSEK’s researchers found several google accounts posting similar-looking photos on hotel listings.
• Multiple sets of these images had the same background but different phone numbers were written on them.
• These phone numbers are written in such a way that OCR could not read them but are readable by humans.

‍

Analysis of the Numbers

An in-depth analysis of the numbers suggested the following points were observed in this campaign:

• Threat actors are not limited to any geographical area and have posts across various states in India. A major concentration of this campaign was observed in the pilgrimage cities (Jagannath Puri, Ujjain, Varanasi).
• Hotels and homestays from all price categories are being targeted in this campaign.
• Threat actors are regularly creating new google accounts and using new phone numbers to keep the scam running. 

• It remains unknown whether this campaign is operated by a single actor or a group of people, however, our research was able to uncover multiple google accounts advertising different numbers. 

‍

‍

• Truecaller records indicate that around 71% of the calls from the 19 fake numbers discovered during our research were answered by individuals who could become victims. On average, 126 calls were made from each number.
• Notably, the names associated with the scanned numbers on Truecaller profiles did not match the names linked to their Google accounts.

• Multiple google accounts were observed advertising different phone numbers in a single hotel listing. (For more information please refer to the Appendix section)

• As observed in previous instances of fraudulent customer care schemes, the perpetrators, in this case, employed a combination of the three primary telecommunications providers, with the majority of the registered numbers originating from the eastern and northeastern regions of India.

‍

List of Google Accounts & Phone Numbers Used by Scammers

‍

References

• *Intelligence source and information reliability - Wikipedia
• ^#Traffic Light Protocol - Wikipedia
• An Analysis of the Fake Customer Care Numbers In India | CloudSEK 

‍

Appendix

‍

‍

‍

‍

‍