»Have you bought a vacation trip on the internet? Beware of emails from Travelplanet.pl or Wakacje.pl – Niebezpiecznik.pl –



[ad_1]

If you bought your vacation trip in one of the online sites for the sale of tours and you have not paid the full amount yet, but only an advance payment – be careful. Someone other than employees of at least two websites ( Travelplanet.pl and Wakacje.pl ) has access to the personal data of customers (and possibly the yours) and is currently sending them on behalf of travel agencies. The messages are very well counterfeited and inattentive people can lose thousands of zlotys.

Potential tourists stolen data and money

At the end of June, we wrote about the extortion of "subsidies" from TripAdvisor.pl users. The thief, who according to Wakacje.pl was a former employee of the company, used the service access database and sent credible emails to customers. He offered them a discount in exchange for a faster payment of the missing amount. Emails were sent from such areas:

platnosci-wakacje.pl
zamowienia-wakacje.pl

The company Wakacje.pl informed us after our notification that it had tracked down an impostor and had divulged it in a disciplinary way, but – which is very disturbing – the fraud targeting his clients has not stopped.

Someone misleads the customers of Travelplanet.pl by misleading customers Wakacje.pl

As if that was not enough, last week we started to report to deceived customers Travelplanet.pl – another website selling holiday trips on the Internet. They have been the target of identical extortion attempts as customers of Wakacje.pl. It is all the more strange that the Wakacje.pl incident had to be internal (the employee had to be responsible for it).

Here is an example of a message that our reader received from the address [email protected]

Ladies and Gentlemen,
Thank you for booking on our site. To complete all formalities, please pay the remaining amounts.

Account Details:
Recipient Name: Travelplanet .pl. S.A.
Address of the addressee: ul. Ostrowskiego 9, 53-238 Wrocław
Title: 55 1910 1048 2630 0008 1594 0001
Title: [imię nazwisko][data][nazwa hotelu] Amount: [kwota] PLN

If before receiving the above correspondence You have already made a payment, please ignore the request. After payment, please send a confirmation of the transfer in response to this email

We remind you that our after-sales service will contact you 48 hours before departure to confirm the departure time.

] In another fraudulent message that another victim received, another address appeared:

[email protected]

and another account number:

90 1560 0013 2006 1655 2000 0011

When the potential victim asked to send a payment link, she received the following response from the thief:

We regret to inform you that because of ongoing modernization work on the card payment system, this method is not available. I encourage you to make an additional payment by bank transfer. As part of the compensation, we will grant a 10% discount, which will reduce the amount required for the surcharge. The current amount to be paid would be XXXXX PLN
Magdalena Wątroba
Client Advisor

Here are the SMTP headers of the message above:

Receipt: from h2-ox2ap5.home-whs.pl (62.129 .250.185) (HELO null)
by az-server1818863.online.pro (46.242.170.29) with SMTP (IdeaSmtpServer 0.83)
id 060b587871bbfaa2; Sun, 22 Jul 2018 19:26:50 +0200
Date: Sun, 22 Jul 2018 19:26:49 +0200 (CEST)

It is also interesting to add that the domain doplaty-travelplanet.pl was registered 16 days ago, July 7, 2018, after we described the leakage of personal data about the fraud on the customers of Wakacje.pl

The man was he released from Wakacje.pl used in Travelplanet.pl? Or maybe the crooks have taken their people to several companies selling online tours? Or maybe both companies, and wakacje.pl and travelplanet.pl use the same computer system or broker from whom they buy trips?

Someone steals personal data from customers Travelplanet.pl

What is very important in the case of Travelplanet data leak? .pl and Wakacje.pl is the fact that the scammers correctly indicated the recipients' names in their emails, the exact dates of the trip and the name of the hotel where the victim was to be. The correspondence was also directed to the correct email addresses of the customers.

Despite the fact that fraudsters obviously have access to data from at least some of Travelplanet.pl's customers the Travelplanet.pl employees assured us that the company carried out an internal audit that has not shown that business systems. It was mentioned that " the tour operators and the owner of the reservation system " were also informed of the case, who are also the administrators of the customers' data. The company has also taken measures (for the time being ineffective) to block bank accounts and domains used by the criminal. In turn, in email alerts, the Company encourages clients to submit notifications to the prosecutor's office (interesting traffic) on their own. In the attachment to the correspondence, the same company notification model:

I have purchased or intend to buy an online visit – what to do, how live?

First, if you bought or planned to buy via Wakacje.pl or Travelplanet.pl know that your personal data may be stolen . We do not know where and how, but as you can see in the examples above, customer data is leaking and used for scams.

Secondly, before paying an amount, call the official number (you will find it on the office page) and never (not only for travel) do not pay online by bank transfer . Pay with a payment card. First of all because if you are deceived, you can file a complaint, that is to say CHARGEBACK and recover your funds. How exactly exactly works CHARGEBACK we explained in the second episode of our pod pod Nałuchu

Paying with a card in the case of tourist services has another benefit – whether the room on site, catering or transportation will not be described in the file, you can announce the transaction as incompatible with the description and you will recover all or part of the funds. This is an excellent security that you will not receive by another means of payment.

For 2 weeks, you can not block the domain used to cheat …

Finally, let's think about it. It is incredible that although Travelplanet.pl has been aware of the incident for two weeks and informed the prosecution, the fake domain continues to operate unhindered, and fraudsters are still trying to steal more customers, still using the same server. The last cheating attempt we've had occurred yesterday. Prokuraturo, Home.pl, AZ.pl – what are you waiting for? For the sake of simplicity:

doplaty-travelplanet.pl has the address 46.242.170.29 (cloudserver163097.online.pro)
created 2018.07.07 17:17:09
nameservers: ns6.az .pl. [46.242.149.50] ns7.az.pl. [46.242.149.60] ns8.az.pl. [46.242.149.70]

PS. If any of the tourism industry reads us, we would be grateful if they revealed which joint travel agency / broker / broker they use travel agencies and services like Travelplanet.pl and Wakacje.pl . Because we put dollars against the nuts, that not only the personal data of the customers of these two sites are stolen …

Also read:

[ad_2]
Source link