Microsoft Warns Japan Hotels About Malicious Guest Complaint Emails
Fake guest complaints targeting hotels in Japan are being used in a phishing campaign that tricks hotel workers into opening malicious files disguised as photos or videos.
Microsoft says the campaign has been active since April 2026, while Trend Micro has reported similar attacks against Japanese Booking.com partner accommodations.
Hotels in Japan Face Phishing Emails Disguised as Guest Complaints
Attackers are sending emails that look like routine customer-service complaints. The messages often claim that a guest has an issue with a booking, room, or service and includes a link to download photos or videos as “proof.”
The goal is to make hotel staff act quickly without checking the file carefully.
These emails do not look like obvious spam. Instead, they copy the tone and urgency of normal guest complaints, making them more dangerous for busy front-desk and reservation teams.
Why Japanese Hotels Are Being Targeted
Similar attacks have appeared in Europe and Asia, but Japan appears to face a more immediate risk in this campaign.
Microsoft found Japanese-language phishing examples more often than Danish or Dutch ones in the activity it analyzed. This suggests attackers may be focusing more heavily on Japanese hotels and accommodation providers.
The hospitality sector also gives attackers a strong opening. Hotel workers regularly handle guest messages, booking issues, complaints, attachments, and links from people they do not know.
How the Hotel Phishing Emails Work
The attackers usually pose as guests or booking contacts. They send a complaint that pressures staff to respond quickly, then include a download link for supposed evidence.
The link typically downloads a ZIP file. Inside that archive, the victim finds a file that looks like a photo. However, the file is actually a shortcut designed to start the infection process.
Once a hotel worker opens it, the malware can run on the computer and wait for further instructions from the attackers.
Attackers Keep Changing Their Delivery Tactics
The campaign has changed over time as attackers tested different delivery methods, file names, and domains.
Some emails used Calendly notifications and Google redirect links to make the download page look safer. Others used Gmail accounts in a more convincing two-step approach.
In those cases, the attacker first sent a normal inquiry and waited for hotel staff to reply. After receiving a response, the attacker sent the malicious link.
This makes the attack harder to spot because the conversation already looks active and legitimate.
What Happens After Infection
After infection, the malware can stay on the device and run quietly in the background.
This may allow attackers to steal credentials, install more malware, or use the infected machine as an entry point into other systems.
For hotels, that risk can be serious. A compromised reception or reservation computer could expose staff accounts, booking platforms, customer data, or internal systems.
How Hotel Staff Can Reduce the Risk
Hotels should treat urgent complaint emails with caution, especially when they include ZIP files or unexpected photo downloads.
Staff should check whether the sender, link, file type, and message context make sense before opening anything. They should also avoid opening shortcut files inside compressed folders, even if the file appears to have an image-related name.
The main warning is simple: these attacks arrive through normal hotel workflows, not just obvious spam.
This campaign comes as other security threats continue to target everyday platforms and workflows.
WhatsApp’s upcoming username rollout has already raised impersonation and fraud concerns, while a malicious Chrome extension disguised as Perplexity AI was recently discovered.
Threat actors have also been distributing malicious PyPI packages aimed at Telegram bot developers, showing how attackers continue to abuse trusted platforms and developer tools.
Via TechRepublic
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
User forum
0 messages