Marriott International says it is the latest victim of a phishing scheme designed to embed malware on the computers of unsuspecting users.
Hundreds of people have contacted Marriott saying they received e-mails that appear to be reservation confirmations, said Marriott spokesman Jeff Flaherty. The fake e-mails contain links that trigger the installation of malware on a user’s computer.
“It seems to be a phishing scheme that is very similar to what other organizations such as UPS and DHL have all experienced,” Flaherty said. “There is no indication that this is any kind of a security breach.”
The company said it is not sure how many people received the e-mails, or what woould happen if the malware were installed.
“It appears that what they’re trying to do is just get as many people as they can to click on those links,” Flaherty said. “We don’t know what happens if somebody were to click on that link and if that malware were to be downloaded.”
Adam Weintraubof Sacramento said he received an e-mail earlier today congratulating him for booking a stay at a Marriott hotel in Houston.Weintraubsaid he had booked no such trip.
Upon closer inspection, he said the e-mail seemed to have come from a ‘Mariott.net’ domain registered in Russia.
The round of phishing e-mails does not seem to be targeted to anybody in particular, Flaherty said.
“[Based on] the people who have contacted us to let us know about the situation, it’s across the board,” he said. “We can’t even say they’ve all been Marriott guests at one point. It can be anybody who has an e-mail address.”
Marriott is urging those who receives erroneous e-mails to delete them immediately. The company is also referring users to the Federal Trade Commission’s Web sites for information on computer security and phishing schemes.