CloudSEK’s researchers have recently discovered a scam campaign involving fake customer care numbers posted on hotel listings on Google in India.
The scam campaign involves multiple sets of similar-looking hotel room images with the same background but different phone numbers written on them. These images are uploaded by threat actors in the review section of the hotel listing to lure customers.
The phone numbers are written so that Optical Character Recognition (OCR), a technology that extracts text from images, cannot read them, while they remain readable by humans.
An in-depth analysis of the reviews posted by the threat actors revealed that they do not limit themselves to any geographical area when targeting hotels and have posts across various states in India. However, a major concentration of this campaign was observed in pilgrimage cities such as Jagannath Puri, Ujjain, and Varanasi. Hotels and homestays from all price categories are being targeted in this campaign.
The threat actors regularly create new Google accounts and use new phone numbers to keep the scam running. It remains to be seen whether this campaign is operated by a single actor or a group of people. However, our research was able to uncover multiple Google accounts advertising different numbers.
Truecaller records indicate that around 71% of the calls from the 19 fake numbers discovered during our research were answered by individuals who could become victims. On average, 126 calls were made from each number.
Notably, the names associated with the scanned numbers on Truecaller profiles did not match the names linked to their Google accounts. Multiple Google accounts were observed advertising different phone numbers in a single hotel listing.
The impact of this scam campaign is significant: scammers use the fake customer care numbers to lure hotel customers, resulting in a monetary loss for the victim. The hotels’ brand image is also being affected by this scam.
CloudSEK recommends that users book only via trusted channels and avoid paying upfront deposits. It also recommends identifying and immediately suspending or taking down Google accounts that spread fake customer care numbers, and running aggressive awareness campaigns to educate users about the ongoing scams.