Marriott Server Compromised, Rerouting Guest's Internet To Casino Scam Site?

Image courtesy of

When Will changed around the server settings to use a public DNS server instead of Marriott's, the problem disappeared, leading Will to think someone had "poisoned" Marriott's DNS servers to drive traffic to their casino scam page(s). He then reported this to Marriott's techs. We've spoken ourselves with Marriott's server people and they confirm that the secondary DNS is wacked but they need to investigate further.

Will’s mom was surprised when opening up her laptop at a Marriott to find that if you mistyped addresses, it took you to a popup that said, “CONGRATULATIONS!!! YOU’VE WON VIRTUAL REALITY CASINO ! CLICK on OK and Get up to +200$ BONUS NOW!”

When Will changed around the server settings to use a public DNS server instead of Marriott’s, the problem disappeared, leading Will to think someone had “poisoned” Marriott’s DNS servers to drive traffic to their casino scam page(s). He then reported this to Marriott’s techs. We’ve spoken ourselves with Marriott’s server people and they confirm that the secondary DNS is wacked but they need to investigate further.

Could this be Cisco 4400 series virtual gateway IP address being 1.1.1.1 and getting taken advantage by malicious forces unknown? Next time you’re at the Courtyard Marriott on Cerrillos Rd in Santa Fe, NM, run a traceroute and tell us.

We have no idea, but even if this turns out to have an innocuous explanation, travelers should be extra-cautious when using unknown internet connections. — BEN POPKEN

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.