Microsoft Uncovers Widespread Hotel Phishing Campaign in Japan

News Room

Fake guest complaints are turning into a security trap for hotels in Japan.

Microsoft found phishing emails using room complaints and photo links to trick hotel workers into opening malicious files. Trend Micro reported similar attacks targeting Japanese Booking.com partner accommodations, in which scammers posed as guests or booking contacts.

Similar activity has been observed in Europe and Asia, but Japan’s hotel staff face a more immediate risk from messages that appear to be urgent customer service requests.

According to Microsoft, the campaign has been active since April 2026 and has not been linked to a known hacking group. Attackers changed file names, delivery methods, and web domains as the operation developed.

Hotel problems that demand a quick response became the bait, from bedbug complaints to room-condition questions and stay reviews. Japanese examples appeared more often than Danish or Dutch ones in the set described by researchers.

Suspicious emails were also sent in late May to Japanese Booking.com partner companies. One translated sample from Trend Micro’s report claimed, “Bed bugs were discovered in the room,” then told the recipient to “Download Photos and Videos.”

More Microsoft news

From guest email to infected machine

The next step happens after the worker clicks. The link downloads a ZIP file that appears to contain guest evidence, such as photos or documents tied to the complaint.

Inside is a file that looks like a photo, but it is actually a shortcut. Opening it starts the infection.

Scammers used trusted services to make the messages look safer. One route used Calendly notifications and Google redirect links. Another used Gmail, where the attacker began with a normal inquiry, waited for a reply, and then sent the malicious link.

After the file runs, the malware can stay on the machine and wait for instructions. Infected devices can remain in a waiting loop, leaving room for credential theft or more malware if the infection stays active.

Pressure on Japan’s front desks

A bedbug claim or room-safety complaint can force a quick response from reception teams. Attackers are using that pressure against workers who handle guest messages every day.

Smaller accommodation providers may be exposed when the same inbox handles guest complaints and booking requests. If a reception computer is infected, attackers could gain an entry point into reservation tools or staff accounts.

The risk can grow after the first bad download. A front-desk device may hold saved browser sessions or guest communications that hackers can use for follow-on access.

Hotel staff are being targeted through routine customer-service work, not obvious spam. A safer habit is to pause before opening urgent complaint emails and check whether the sender, link, and downloaded file make sense.

Microsoft is offering free Windows 10 security updates through 2027, but only some consumer PCs qualify. 

Read the full article here

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *