Source*: A - Reliable; 1 - Confirmed by independent Sources
Executive Summary
THREAT
Threat actors are uploading images showcasing their phone numbers on google listings of hotels.
When an unsuspecting user contacts these phone numbers they are asked to make an advance payment for reservation confirmation.
~71% of the targeted audience fell prey to these scams.
IMPACT
The fake custom care numbers are being misused by scammers to lure customers of hotels which is resulting in a monetary loss for the victim.
Brand image loss to the hotel.
MITIGATION
Run aggressive awareness campaigns to educate users about the ongoing scams.
It is recommended to identify and immediately suspend or takedown such google accounts spreading Fake Customer Care Numbers.
Book only via trusted channels and avoid putting upfront deposits.
Analysis and Attribution
Information from the Post
CloudSEK’s researchers found several google accounts posting similar-looking photos on hotel listings.
Multiple sets of these images had the same background but different phone numbers were written on them.
These phone numbers are written in such a way that OCR could not read them but are readable by humans.
Images used by the threat actors
Images used by the threat actors
Analysis of the Numbers
An in-depth analysis of the numbers suggested the following points were observed in this campaign:
Threat actors are not limited to any geographical area and have posts across various states in India. A major concentration of this campaign was observed in the pilgrimage cities (Jagannath Puri, Ujjain, Varanasi).
Hotels and homestays from all price categories are being targeted in this campaign.
Threat actors are regularly creating new google accounts and using new phone numbers to keep the scam running.
It remains unknown whether this campaign is operated by a single actor or a group of people, however, our research was able to uncover multiple google accounts advertising different numbers.
Breakdown of spam calls made by 19 mobile numbers
Truecaller records indicate that around 71% of the calls from the 19 fake numbers discovered during our research were answered by individuals who could become victims. On average, 126 calls were made from each number.
Notably, the names associated with the scanned numbers on Truecaller profiles did not match the names linked to their Google accounts.
Multiple google accounts were observed advertising different phone numbers in a single hotel listing. (For more information please refer to the Appendix section)
As observed in previous instances of fraudulent customer care schemes, the perpetrators, in this case, employed a combination of the three primary telecommunications providers, with the majority of the registered numbers originating from the eastern and northeastern regions of India.
List of Google Accounts & Phone Numbers Used by Scammers
More information and context about Underground Chatter
On-Demand Research Services
Global Threat Intelligence Feed
Protect and proceed with Actionable Intelligence
The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.