![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/hotel.transactionWinCE.PNG\"){kind=spacer}
<\/p>\nIf you get an email message telling you a hotel has erroneously charged your credit card account, be careful. The odds are that it’s part of a new spam campaign that could infect your computer.
\nThe messages started popping up in recent days and there are already many variants of the same theme – a hotel wrongly charged a credit card number and the victim is supposed to fill out an attached form to process the refund.<\/p>\n
<\/p>\n
As per the fraud mail : “Please see the attached form. You need to fill it out and contact your bank for return of funds” read one such message, titled “Hotel Breakers Palm Beach made wrong transaction.”<\/p>\n
The ‘refund’ form is actually a malicious Trojan horse program. When it is executed a pop-up announces “Software Installed” and has an “OK” button within a couple of minutes. Clicking ‘OK’ causes a connection to “heftyhips.com” on IP 66.197.251.53. which installs a fake antivirus software on the victim’s computer.<\/p>\n
There are probably many other such domains which cause the download to begin and install this rogueware as well.<\/p>\n
![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/hotelspam.startWinCE.PNG\")
<\/p>\n
Fake antivirus software is a major annoyance. It points out bogus security problems on a victim’s computer and keeps pestering them until they pay out money, usually between US$40 and $120, to buy the fraudulent antivirus product.<\/p>\n
![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/personel-shild-proWinCE.JPG\")
<\/p>\n
![\"\"](\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/hotelspam-detWinCE1.png\")
<\/p>\n","protected":false},"excerpt":{"rendered":"