Today marks the start of Spring in the Northern Hemisphere, and with warmer weather setting in, summer trips and vacation planning are starting to take shape.
But before you respond to that message about your hotel booking or payment confirmation, it’s worth asking: is it actually legit?
This week in scams, we’re breaking down a travel phishing scheme making the rounds through realistic booking messages, as well as new McAfee research on betting scams and AI-driven malware.
We’ll walk through what happened, what to watch for, and how McAfee’s tools can help you stay safe.
Scammers Who Know Your Exact Travel Reservation Details
A new phishing campaign targeting travelers is exploiting hotel booking platforms like Booking.com, and it’s convincing enough to fool even cautious users.
According to reporting from IT Brew and Cybernews, attackers are running a multi-stage scam:
How The Booking Scam Works
| Scam Stage | How It Works | What You’ll Notice | How to Protect Yourself | Where McAfee Helps |
| --- | --- | --- | --- | --- |
| Stage 1: Hotel account gets compromised | Attackers phish or hack hotel staff to access booking platforms and guest reservation data. | You won’t see this part — it happens behind the scenes. | Use strong, unique passwords and enable multi-factor authentication on your own accounts to reduce risk of similar breaches. | Identity Monitoring can alert you if your personal information appears in suspicious places or data leaks. |
| Stage 2: You receive a realistic message | Scammers use stolen booking data to send messages via WhatsApp, email, or even booking platforms. | The message includes your real name, hotel, and travel dates, making it feel legitimate. | Be cautious of unexpected outreach, even if the details are correct. Don’t assume accuracy means authenticity. | Scam detection tools can help flag suspicious messages and identify potential phishing attempts. |
| Stage 3: Urgency is introduced | The message claims there’s an issue with your reservation and pushes you to act quickly. | Phrases like “confirm within 12 hours” or “risk cancellation” create pressure. | Pause before acting. Legitimate companies rarely require urgent payment changes without prior notice. | Scam detection can help identify high-risk messages designed to pressure you into quick decisions. |
| Stage 4: You’re sent to a fake payment page | A link leads to a convincing lookalike site designed to steal your payment details. | The page looks real but may have subtle URL differences or unusual formatting. | Always navigate directly to the official website or app instead of clicking links in messages. | Safe Browsing tools can help block risky or known malicious websites before you enter sensitive information. |
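
To make the "subtle URL differences" from Stage 4 concrete, here is an added example (not code from the article or from McAfee) that checks whether a link in a message really belongs to the official domain. The function name, the allow-list and the sample links are assumptions made for illustration; only booking.com comes from the article.

```python
from urllib.parse import urlsplit

# Assumption: allow-list of official domains. booking.com is the platform named
# in the article; add the hotel's own domain if you pay it directly.
OFFICIAL_DOMAINS = {"booking.com"}

def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (is_official, reason) for a link received in a message."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if not host:
        return False, "no hostname"
    if parts.username or parts.password:
        return False, "text before '@' is not the host; real host is " + host
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised hostname (possible look-alike letters)"
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    for domain in official:
        if domain.split(".")[0] in host.replace("-", ""):
            return False, "brand name used inside an unrelated host: " + host
    return False, "unrelated host: " + host

# Constructed sample links (the .example hosts are made up for illustration).
SAMPLES = [
    "https://secure.booking.com/myreservations",
    "https://booking.com.reservation-confirm.example/pay",
    "https://booking.com@pay-verify.example/confirm",
    "https://b\u043e\u043eking.com/payment",   # Cyrillic 'o' characters
    "http://www.booking.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, why = check_link(link)
        print("OK   " if ok else "BLOCK", link, "->", why)
```

A passing result only means the host is on the allow-list; typing the official address yourself or using the app remains the safer route.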
March Madness Brackets, Bets, and Bad Actors
March Madness brings brackets, bets, and a flood of bad actors.
New McAfee research found that 1 in 3 Americans (32%) say they’ve experienced a betting or gambling scam, and nearly a quarter (24%) say they’ve lost money to one. On average, victims reported losing $547.
That’s not surprising when you look at the environment around the tournament. More than half of Americans are watching, more than half are participating in some form of betting, and 82% say they’ve seen betting promotions in the past year.
Some of the most common setups this season include:
- “Guaranteed win” or “can’t lose” betting tips that require payment upfront
- Fake sportsbook promotions offering bonus bets or free credits
- Messages claiming you have winnings, but need to pay a fee to unlock them
- Impersonation scams posing as sportsbook support or betting platforms
- Invitations to private “VIP betting groups” on WhatsApp or Telegram
The takeaway:
If a betting offer promises guaranteed results, demands the use of bizarre apps and sites, asks for money upfront, or pushes you to act quickly, it’s not an edge. It’s a scam.
“AI-Written” Malware Is Hiding in Everyday Downloads
Not all scams start with a message. Some start with a search.
McAfee Labs uncovered a large-scale malware campaign hiding inside hundreds of fake downloads, including game mods, AI tools, drivers, and trading utilities.
In January alone, researchers identified:
- 443 malicious ZIP files disguised as legitimate software
- 1,700+ file names used to make those downloads look credible
- 48 variants of a malicious DLL file used to infect devices
These weren’t hosted on obscure corners of the internet either. The files were distributed through platforms people recognize, including Discord, SourceForge, and file-sharing sites.
Here’s how the attack typically works:
- You search for a tool.
- You download what looks like the right file.
- It opens normally at first.
Then, behind the scenes, malware loads quietly and begins pulling in additional code. In some cases, victims are shown fake error messages while the real infection happens in the background.
From there, attackers can:
- Turn your device into a cryptocurrency mining machine
- Install additional malware like infostealers or remote access tools
- Slow down your system while running hidden processes
What makes this campaign stand out is that some of the code appears to have been generated with help from AI tools.
That doesn’t mean AI is running the attack on its own. But it does suggest attackers are using AI to:
- Generate code faster
- Create more variations of malware
- Scale campaigns more efficiently
In other words, the barrier to building malware is getting lower.
The takeaway:
If a download is unofficial, hard to find, or feels like a shortcut, it’s worth slowing down. The file may look right, but that doesn’t mean it’s safe.
How McAfee+ Advanced Works in These Scam Moments
Whether it’s a message about your booking, a betting offer that looks legitimate, or a download that appears to be exactly what you were searching for, these scams all rely on the same thing: they blend into everyday moments.
That’s where having backup like McAfee+ Advanced comes in. It includes:
- McAfee’s Scam Detector, which helps flag suspicious links in texts and messages like the ones used in these booking and betting scams, so you can spot something risky before you engage
- Web protection and real-time device security, helping protect against risky links, malicious sites, and evolving threats if you do click, including fake betting platforms or malware hidden in downloads
- Personal Data Cleanup, which helps remove your information from sites that sell it, making it harder for scammers to access the personal details that make messages and scams feel legitimate
- Secure VPN, which helps keep your personal info safe and private anywhere you use public Wi-Fi, like hotels, airports, and cafés while traveling
- Identity Monitoring and alerts, with 24/7 scans of the dark web to help ensure your personal and financial information isn’t being exposed or reused
- Credit and transaction monitoring, so you can get alerts about suspicious financial activity if your information is ever compromised
- Identity restoration support and up to $2 million in identity theft coverage, giving you access to US-based experts and added peace of mind if something does go wrong
Stay skeptical, verify before you click, and we’ll see you next week with more.