Microsoft Uncovers Widespread Hotel Phishing Campaign in Japan

Microsoft Uncovers Widespread Hotel Phishing Campaign in Japan

Microsoft Uncovers Widespread Hotel Phishing Campaign in Japan

Source: Pressmaster/Envato

Microsoft and Trend Micro found hotel phishing attacks using fake guest complaints and photo links to target staff in Japan.

Written By
Liz Ticong
Liz Ticong
Jul 1, 2026

Fake guest complaints are turning into a security trap for hotels in Japan.

Microsoft found phishing emails using room complaints and photo links to trick hotel workers into opening malicious files. Trend Micro reported similar attacks targeting Japanese Booking.com partner accommodations, in which scammers posed as guests or booking contacts.

Similar activity has been observed in Europe and Asia, but Japan’s hotel staff face a more immediate risk from messages that appear to be urgent customer service requests.

According to Microsoft, the campaign has been active since April 2026 and has not been linked to a known hacking group. Attackers changed file names, delivery methods, and web domains as the operation developed.

Hotel problems that demand a quick response became the bait, from bedbug complaints to room-condition questions and stay reviews. Japanese examples appeared more often than Danish or Dutch ones in the set described by researchers.

Suspicious emails were also sent in late May to Japanese Booking.com partner companies. One translated sample from Trend Micro’s report claimed, “Bed bugs were discovered in the room,” then told the recipient to “Download Photos and Videos.”

More Microsoft news

From guest email to infected machine

The next step happens after the worker clicks. The link downloads a ZIP file that appears to contain guest evidence, such as photos or documents tied to the complaint.

Inside is a file that looks like a photo, but it is actually a shortcut. Opening it starts the infection.

Scammers used trusted services to make the messages look safer. One route used Calendly notifications and Google redirect links. Another used Gmail, where the attacker began with a normal inquiry, waited for a reply, and then sent the malicious link.

After the file runs, the malware can stay on the machine and wait for instructions. Infected devices can remain in a waiting loop, leaving room for credential theft or more malware if the infection stays active.

Advertisement

Pressure on Japan’s front desks

A bedbug claim or room-safety complaint can force a quick response from reception teams. Attackers are using that pressure against workers who handle guest messages every day.

Smaller accommodation providers may be exposed when the same inbox handles guest complaints and booking requests. If a reception computer is infected, attackers could gain an entry point into reservation tools or staff accounts.

The risk can grow after the first bad download. A front-desk device may hold saved browser sessions or guest communications that hackers can use for follow-on access.

Hotel staff are being targeted through routine customer-service work, not obvious spam. A safer habit is to pause before opening urgent complaint emails and check whether the sender, link, and downloaded file make sense.

Microsoft is offering free Windows 10 security updates through 2027, but only some consumer PCs qualify. 

Liz Ticong

Liz Ticong is a technology writer specializing in artificial intelligence, cybersecurity, software reviews, and emerging business technologies. With more than a decade of professional writing experience and over five years contributing technology content for TechnologyAdvice, she helps readers understand complex technologies and evaluate the tools that best fit their needs. Liz has extensive experience researching, testing, and analyzing software platforms, AI tools, and technology solutions. Her work includes in-depth software reviews, buyer’s guides, product comparisons, and technology news coverage designed to help businesses make informed purchasing and implementation decisions. She regularly evaluates AI applications, automation tools, cybersecurity solutions, and business software, providing practical insights based on hands-on testing and research. In addition to her work with TechnologyAdvice, Liz has contributed technology content to leading industry publications, including eWeek and TechRepublic. Her background in technical writing and software analysis enables her to translate complex technical concepts into clear, actionable guidance for both business and technology audiences. Liz holds a bachelor's degree in Broadcast Communication from the Polytechnic University of the Philippines and continues to expand her expertise through ongoing education in artificial intelligence and emerging technologies. Through her writing, she helps readers navigate a rapidly evolving technology landscape with practical, research-driven insights and real-world product analysis.