If you've booked a hotel through a platform like Booking.com or Expedia, beware any communication that directs you to confirm your payment details to hold your reservation. Threat actors are targeting the hospitality industry with a phishing campaign designed to steal from travelers.

As outlined by security firm Sekoia.io and reported by The Hacker News, the scheme is referred to as "I Paid Twice" because hotel customers are eventually conned into handing over their banking information. Scammers contact guests via WhatsApp or email about their booking, saying that they need to verify their payment or risk cancellation. The link goes to a fake landing page that looks like Booking.com or Expedia, where victims are prompted to provide card information.

This isn't the first scam to target Bo

See Full Page