By Davey Winder, Senior Contributor.

There are many, many ways that you can get hacked. Web browser vulnerabilities, using the wrong password, or any number of well-known scams will do the trick. Travellers have been warned of one particularly nasty scam doing the rounds that targets hotel customers and could see you pay twice for your stay.

As if you don’t have enough to worry about when travelling, from the security of your VPN app to the dangers posed by smartphone thieves, now a new threat has been confirmed. This time it’s based around good old-fashioned phishing: the use of social engineering techniques (call it fraud or scamming if you prefer) to relieve you of your data, credentials or cash. Often all three.

Jeremy Scion, Quentin Bourgue and the Sekoia Threat Detection & Research team have confirmed that cybercriminals are running what the team has called the I Paid Twice phishing campaign, which targets hotels with PureRAT malware delivered via a ClickFix attack. The malware can steal booking service credentials and enable ongoing attacks against customers. The name is apt, the Sekoia report stated, as one of the victims the threat detection and research team investigated “paid twice for his reservation: one at the hotel and once to the cybercriminal.” The analysed campaign has been active since at least April 2025, the report stated.