top of page
Search

Malware Alert: Booking.com Reservation Cancellation Email

  • TrainMyParent.com
  • 6 days ago
  • 4 min read
A view of London, England!

A malicious malware attack is going around, delivered via a "Reservation Cancellation" malware email from Booking.com. This email contains links that will install malware on your computer that can expose all of your personal information.


What it looks like: The potential victim receives an email apparently from Booking.com with the subject "Reservation Cancellation", indicating that they will receive a refund of their €1,000 deposit, and urges them to click on a link to review and confirm their refund.


The link brings them to a perfect copy of the Booking.com website, which is designed to bring credibility to the scenario. The user then sees a loading error message stating that the web page is "Taking too long. Click to refresh", which is something that occasionally happens in real life. Again, this adds to the credibility of the scenario. But, when the user clicks to refresh, they are then presented with the dreaded "Blue Screen Of Death", which is what a Windows machine displays when it encounters a serious issue, like a hardware failure or system crash.



A Windows Blue Screen of Death
A Windows BSOD is sure to ruin your day.

The Blue Screen Of Death then offers repair instructions: Press Win+R, then Ctrl+V, then Enter. Win+R is the command to open up a Run command, and Ctrl+V is the Paste command. What the victim pastes into their Run window that downloads the malware and uses trusted Windows commands to build it into a trusted application, which is very sneaky.


The trusted malware disables Windows Defender, and can get access to your webcam, install keyloggers, extract passwords, give remote access to your computer, and other devious actions.


Why is it bad? Since the malware is trusted by Windows, it can do almost anything it wants to do to your computer. This particular European Booking.com variant is the latest version of this malware attack scenario that has been going around for over five years, and could easily be morphed into a newer scenario. All it takes is a different cloned website for a new targeted ruse, and a new crop of victims are found.


How to protect yourself: First, if you have never experienced it, you are very lucky, but the dreaded Blue Screen of Death never offers repair instructions. The only recourse is a shutdown and restart, and then possibly a trip to a computer repair shop or a Windows Update rollback if the symptoms persist.


Second, never trust any unknown source, such as an internet website, that instructs you to press Win+R, the Run command, followed by Ctrl+V, the paste command. You never know what is on your clipboard until you paste it. Yes, there may be legitimate times when you might want to open a Run command window with Win+R, but you will know it when you see it, such as when you are changing operating system settings under specific situations. In general, if you are unsure whether what you are being asked to do is all about, reach out to a computer tech that you trust.


If you do receive the Blue Screen of Death while working in a browser window, just close the window. The browser might be in full screen mode, and the escape ("esc") key exits that mode (F11 enters it...go ahead and try it!) so you can then click on the X in the upper right corner. Or, Alt+F4 (Exit) or Ctrl+W (Close) are other keyboard shortcuts to close the current window.


What to do if you were tricked: Although your computer might be beyond hope, you might be able to stop the spread of the malware if you act quickly. First, remove your computer from your network immediately. Turn on airplane mode. Pull out your Ethernet cable. Shutdown your router. Put your computer into Sleep or Hibernation mode. Do whatever you can to isolate the computer from the rest of your network.


Second, startup a different device that wasn't on your network, and perform an anti-malware scan to verify that it is clean. If it passes the test, use it to change all of your passwords so your passwords stored on the infected computer are no longer valid.


Third, check all other devices on your network to verify they weren't also infected by performing malware scans. Quarantine any that you are unsure about.


Fourth, bring infected devices to a trusted computer tech repair facility to see how much of your data, if any, can be preserved. They have the tools to get into the system in a controlled environment. They can also help document and report the infection to the appropriate authorities.


A hacker working to steal your mone and personal information
Be cautious when you click!

Prepare yourself: There are many ways you can minimize the impact of accidental malware infections. These include performing regular backups of your data, keeping your applications and operating systems up-to-date with the latest patches, and surfing safely. You can learn more about how you can protect yourself or your family by enrolling in the Complete Internet Security Basics and Phishing Awareness Course for Parents on TrainMyParent.com


As we say on TrainMyParent.com, scammers keep getting trickier, and usually target those who aren't paying attention. Scams come in many forms, including phishing emails, smishing texts, quishing packages, tech support phone calls....the list keeps growing.


Interested in these posts? Sign up and subscribe to our newsletter!


© 2026, TrainMyParent.com. All Rights Reserved





bottom of page