Liverpool Lou Posted January 2, 2022 Share Posted January 2, 2022 On 12/31/2021 at 6:56 AM, mvdf said: They know they were hacked and yet advised you to use email nevertheless. They should have disabled their email system or, if it was under the hacker's control, they should have removed or amended the email address on their website. Ruthless of them to simply dismiss responsibility. The appropriate way to right this wrong is for them to write off this loss for reputational reasons and offer you a room complimentarily. When did they know that they had been hacked? Presumably after the OP first contacted them, there's no suggestion, apart from yours, that the hotel staff gave the go ahead for paying via a hacked system. The OP knew the name of the apparently substantial, well-reputed hotel yet sent his booking money to an individual's personal bank account. Link to comment Share on other sites More sharing options...
robblok Posted January 2, 2022 Share Posted January 2, 2022 9 minutes ago, Liverpool Lou said: Why should they take responsibility if they didn't send you the dodgy personal bank name and number? They are right, unfortunately, you sent the money to a third party individual, not a "big and leading hotel" account. Why would you do that without checking the veracity of the request with the hotel? Have you reported to the police that an individual whose name and bank details you know defrauded you? One reason is it came from their email account, that counts for something. I have regularly made payments to hotels (on Koh Lipe) that had a private bank account not a business name). So it would not really raise a red flag from me if it came from the hotel its email itself. That is their responsibility. In the Netherlands this happend too and the companies were at least partially liable. So i would not say its that cut and dry. Link to comment Share on other sites More sharing options...
Liverpool Lou Posted January 2, 2022 Share Posted January 2, 2022 On 12/31/2021 at 10:25 AM, The Theory said: ???? oh sure Perhaps employees in the back room using email addresses. Well, if that highly unlikely circumstance did happen, at least the OP has the name and bank details of the perpetrator that you suggest those staff gave him. 1 Link to comment Share on other sites More sharing options...
Liverpool Lou Posted January 2, 2022 Share Posted January 2, 2022 On 12/31/2021 at 12:48 PM, khunPer said: Have you contacted the bank to where you forwarded the deposit..? The bank will not disclose any information about a customer's account to him, as a third party. The request would have to be made inter-bank from the OP's bank. 1 Link to comment Share on other sites More sharing options...
Liverpool Lou Posted January 2, 2022 Share Posted January 2, 2022 (edited) 12 minutes ago, robblok said: One reason is it came from their email account, that counts for something. I have regularly made payments to hotels (on Koh Lipe) that had a private bank account not a business name). So it would not really raise a red flag from me if it came from the hotel its email itself. Perhaps it wouldn't raise a red flag with you because you were familiar with that parochial booking system in Koh Lipe. The OP knew the hotel was part of a big, well-reputed group that would not have booking payments sent to a private individual's personal bank account yet he didn't query it. Edited January 2, 2022 by Liverpool Lou Link to comment Share on other sites More sharing options...
robblok Posted January 2, 2022 Share Posted January 2, 2022 1 minute ago, Liverpool Lou said: Perhaps it wouldn't raise a red flag with you because you were familiar with that parochial booking system in Koh Lipe. The OP knew the hotel was part of a big, well-reputed group that would not have booking payments sent to a private individual's personal bank account yet he didn't query it. If it was a big well reputed group then yes it would raise red flags, but in lipe and other islands it often works different (non big groups). But still getting emails from the hotel itself in name of an employee would make things a lot more trustworthy. As a company you are responsible for your cybersecurity, though your point is well made too. 1 Link to comment Share on other sites More sharing options...
Ohyesuare Posted January 2, 2022 Share Posted January 2, 2022 On 12/31/2021 at 10:10 AM, snowgard said: Yes, I thought the same. In real a easy job for the police. 1. They have the bank account owner, who received the money. 2. They can find out the ip of the person who sent the email. 3. They can find out over which ip the mail account is checked for new mails. You forgot 4. They'd have to give a <deleted> (they won't). 1 Link to comment Share on other sites More sharing options...
Liverpool Lou Posted January 2, 2022 Share Posted January 2, 2022 15 minutes ago, Ohyesuare said: You forgot 4. They'd have to give a <deleted> (they won't). You forgot something, the OP would have to give a <deleted> about who he sent his money to (he apparently didn't). Link to comment Share on other sites More sharing options...
fdsa Posted January 2, 2022 Share Posted January 2, 2022 Well, that's really interesting. Topic author mentioned the DKIM signature - if it is really valid (verified with DNS records) and the MX record is valid - then it's either an insider or hacker has access to hotel's mail accounts (or internal user accounts). But given this post: On 12/30/2021 at 4:43 PM, plus7 said: Addition: I did a websearch on hotel name and found post on tripadvisor (mytrip) reporting exactly the same situation on 19 November 2021. I bet it's an insider or hotel staff making some extra money, rather than any alleged "hackers". A large hotel did not block the supposedly hacked email account within 1.5 months?! LOL. P.S. Plot twist: author is sued by the hotel for defamation Link to comment Share on other sites More sharing options...
tgw Posted January 2, 2022 Share Posted January 2, 2022 1 hour ago, Liverpool Lou said: When did they know that they had been hacked? Presumably after the OP first contacted them, there's no suggestion, apart from yours, that the hotel staff gave the go ahead for paying via a hacked system. The OP knew the name of the apparently substantial, well-reputed hotel yet sent his booking money to an individual's personal bank account. from OP's second post, it appears that the hotel knew about the situation already in november: so not shutting down the email domain or redirecting it to another server in a timely manner is criminal negligence and the hotel should be liable. Link to comment Share on other sites More sharing options...
fdsa Posted January 2, 2022 Share Posted January 2, 2022 2 hours ago, tgw said: criminal negligence it is called "TiT" here 1 Link to comment Share on other sites More sharing options...
The Theory Posted January 2, 2022 Share Posted January 2, 2022 5 hours ago, Liverpool Lou said: Well, if that highly unlikely circumstance did happen, at least the OP has the name and bank details of the perpetrator that you suggest those staff gave him. And you believe that everything is "logical" here ???? 1 Link to comment Share on other sites More sharing options...
tgw Posted January 2, 2022 Share Posted January 2, 2022 5 hours ago, fdsa said: it is called "TiT" here true dat ... Link to comment Share on other sites More sharing options...
geisha Posted January 2, 2022 Share Posted January 2, 2022 Thé lady sounds a bit iffy to me. It should be easy to find the bank account holder. Link to comment Share on other sites More sharing options...
soi3eddie Posted January 2, 2022 Share Posted January 2, 2022 On 12/30/2021 at 1:36 PM, tgw said: yes, that part of the story stands out. points to an inside job. I would report the case to the cybercriminality division of the police, along with the report from November. Either an inside job or criminal negligence. Also, the account should be easily traceable. I'd bet on inside job. It would seem to be an entirely appropriate case for either the Cyber Crimes Investigation Bureau (CCIB) or the High-Tech Crime Division (HTCD). But question is will they really be interested in investigating this real crime rather than easy targets such as "defamation"? Should be easy to trace which bank account the money actually went to for sure. Link to comment Share on other sites More sharing options...
soi3eddie Posted January 2, 2022 Share Posted January 2, 2022 On 12/30/2021 at 11:56 PM, mvdf said: Ruthless of them to simply dismiss responsibility. The appropriate way to right this wrong is for them to write off this loss for reputational reasons and offer you a room complimentarily. As a business owner dealing with public in the UK, I can say that a good reputation (and the confidence it gives to future clients) is much more important than failing to resolve an issue such as this. I would immediately investigate and tighten IT security whilst making good the financial loss of the customer by either compensating or offering the services expected. Sadly Thai businesses do not seem to care to uphold these values. Then they cry when they have no customers (but maybe fear of defamation suits stops their name being published so why care anyway?). T.I.T. Link to comment Share on other sites More sharing options...
Liverpool Lou Posted January 3, 2022 Share Posted January 3, 2022 14 hours ago, The Theory said: 19 hours ago, Liverpool Lou said: Well, if that highly unlikely circumstance did happen, at least the OP has the name and bank details of the perpetrator that you suggest those staff gave him. And you believe that everything is "logical" here ???? Huh? What are you suggesting that "I'm believing is logical"? Link to comment Share on other sites More sharing options...
plus7 Posted January 18, 2022 Author Share Posted January 18, 2022 Hi, I was near Customer Protection Board and brought them this case and police report. A clerk in the office, who didn't seem too much busy, said that since I had not entered into contractual agreement with the hotel - they didn't receive the money actually - I'm not covered by "customer protection law" I think I need a lawyer who could explain how come that email "Yes, please pay to this account" is not an agreement in Thailand. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now