A new scam modality is circulating on WhatsApp with a level of sophistication that deceives unsuspecting users. The criminals send messages that simulate hotel reservation reminders and use the victim's full name to lend credibility to the deception.
The fraud operates from verified company accounts on the messaging platform. This technical detail generates a false sense of security in the recipient, who tends to trust the authenticity of the sender upon seeing the official badge.
Cybercriminals exploit massive data leaks
The precision with which scammers know the identity of their targets is not accidental. The acquisition of this personal data is attributed to old database leaks that continue to circulate in clandestine forums.
A paradigmatic example is the Phone House security breach that occurred five years ago in Spain. That incident exposed millions of records that included names, surnames, DNI, and phone numbers, information that now feeds these targeted phishing campaigns.
Antonio Ortiz identified this fraudulent mechanism and publicly denounced it on the X platform. His alert focuses on how criminals combine social engineering with real data to bypass users' psychological defenses.
The message usually includes a link that directs to a fake payment gateway. The ultimate goal is to steal banking credentials or make an illegitimate charge by taking advantage of the urgency generated by the supposed hotel reservation.
Authorities recommend always verifying through official channels
The most effective prevention measure consists of ignoring the received link. Experts advise calling the official number of the hotel or the impersonated entity directly, previously consulted on their corporate website.
Sensitive information should never be provided through links sent by instant messaging, no matter how verified the sender's profile may seem. Systematic distrust of unexpected payment requests is the best barrier.
In case of having made the payment, the reaction must be immediate. It is necessary to contact the bank to block additional charges or request the refund of the money improperly transferred.
Likewise, it is essential to file a police report, providing screenshots of the message received and the fraudulent link. These digital proofs are fundamental for law enforcement agencies to track the operation.
This same scheme is replicated in other variants that impersonate banking entities or parcel services. The pattern remains constant: use of real data, creation of urgency, and redirection to fake websites to steal financial information.