Scammers are sending fake messages to our guests, what to do?
Runnr.ai was not hacked.
Sometimes our clients contact us with the question "did Runnr.ai got hacked?", because their guests have received fake whatsapp messages requesting them to do extra payments.
What often happens in these cases is that hackers create a fake (spoofed) version of the Booking.com website, and someone who works at a hotel—likely a staff member who manages reservations was tricked into logging into that fake site.
Because the hotel staff member entered their real Booking.com login details on the spoofed website, the hackers were able to:
What often happens in these cases is that hackers create a fake (spoofed) version of the Booking.com website, and someone who works at a hotel—likely a staff member who manages reservations was tricked into logging into that fake site.
Because the hotel staff member entered their real Booking.com login details on the spoofed website, the hackers were able to:
- Capture the login credentials (username + password)
- Use these credentials to access the hotel’s Booking.com account
- View and extract the guest data stored there — for example, names, contact information like phone numbers and email addresses, booking dates, room numbers, etc.
This kind of attack is a phishing or credential-harvesting attack. The hackers don’t hack Booking.com directly; instead, they trick hotel staff into giving up their credentials.
In simple terms:
Someone at the hotel was fooled into logging into a fake Booking.com site, and the attackers used that login to access guest reservation data.
In simple terms:
Someone at the hotel was fooled into logging into a fake Booking.com site, and the attackers used that login to access guest reservation data.
Take these steps to prevent it:
- Make sure you always use Single-Sign On or at least two-factor authentication for the systems you work with.
- Check who has the rights to do what within your systems and adjust if needed.
- If you're not using your own phone number within Runnr.ai yet, get in contact with the Customer Success team (via support@runnr.ai) to upgrade to a Plus package. This allows you to message your guests from you own phone number which improves credibitlity.