- Beware of phishing scams involving Booking.com, where fraudsters impersonate property owners or Booking.com staff to steal your personal data or money.
- Look out for unusual payment requests or urgent language in emails, as Booking.com never asks users to make payments outside their platform.
- Check the sender’s email address for legitimacy and be cautious of misspellings and grammatical errors in messages, which reputable companies like Booking.com usually avoid.
Booking.com is a popular online travel reservation platform known for its various properties, from hotels and resorts to guest houses and vacation homes.
Recently, the platform has seen a surge in criminal exploitation and scams, resulting in an online travel reservation scam dubbed “the Booking.com scam.” Both hosts and guests have suffered significant financial losses due to this scam.
The Booking.com scam centers on impostors posing as real property owners or Booking.com staff to trick unsuspecting users. There are several types of Booking.com scams; phishing and payment fraud are common ones.
For the phishing scam, fraudsters impersonate property owners or Booking.com staff to steal your personal data or money. They’ll contact you via emails, texts, or calls, often tricking you into clicking on a malicious, fake Booking.com link.
In late 2023, security research firm Akamai uncovered an infostealer targeting hotels using Booking.com. The attacker makes a real booking at a hotel, choosing the “pay at hotel” option, then, once the booking is accepted, spams the hotel with links to photos. Hidden in the photos is the infostealer malware, which, once downloaded, allows the attacker to target the hotel’s legitimate messaging with customers.
The attackers then use the stolen guest data to send victims customized payment requests via Booking.com messages. Because the messages came from hacked hotel accounts, many of these guests trusted them and shared their credit card details.
Booking.com payment scams often involve scammers convincing customers to make payments through unofficial channels. The perpetrators typically contact guests via the platform’s messages or email, asking victims to complete payments using an alternative method or website, often citing reasons like their bank account being connected to a different website.
In some instances, the landing page of the alternate (phishing) site was pre-populated with the victim’s personal details, including their full name, hotel details, and stay duration, making the scam seem more credible.
On the phishing page, victims are asked to re-enter their credit card or bank details. The attackers then collect this data and could use it for credit card fraud.
To prevent falling for a Booking.com scam, it’s crucial to spot the warning signs.
Unusual Payment Requests
If you’re asked to pay using a method not approved by Booking.com, it’s probably a scam. Booking.com never asks users to make payments outside their platform.
Phishing emails and messages typically convey a sense of urgency, making you feel the need to act immediately. They might ask for your credit card details, claiming it’s for a “verification test” or insist on a payment, with the threat of canceling your booking within 24 hours if you don’t comply.
Fake Sender’s Address
It’s a good practice to check the sender’s email address before opening any email. Reputable companies often use their official domains for email communication. In the case of Booking.com, emails from them should have an address ending in @booking.com.
Misspellings and Grammatical Errors
Be cautious of messages or emails with misspellings and grammar errors. Established companies, like Booking.com, tend to maintain clear and error-free communications.
In the ever-changing world of online security threats, it’s important to be vigilant and take proactive measures to protect yourself from scams. Here are steps you can take to protect yourself from the Booking.com scam.
If you receive suspicious messages via Booking.com, contact the hotel directly for verification. However, avoid using the Booking.com app; instead, call the hotel using the phone number listed on their official website, not the one provided in the suspicious message.
Also, regularly check your bank and credit card statements for unauthorized transactions. If you suspect you’ve given your payment card details to a fraudster, contact your bank immediately.
In addition, always check URLs carefully, ensuring web addresses match the official site. Watch out for minor misspellings or unusual domain extensions, and inspect suspicious links.
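The sender-address and URL checks described above can be expressed as a small script. This is an added example, not code from the original article or from Booking.com; the sample addresses are constructed on reserved `.example` names, and the two-label shortcut and the 0.8 similarity threshold are assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

OFFICIAL = "booking.com"  # the official domain named in the article


def host_of(value):
    """Lowercased host of a URL, or the domain part of an e-mail address."""
    if "://" in value:
        host = urlsplit(value).hostname or ""  # drops any user@ prefix and port
    else:
        host = value.rsplit("@", 1)[-1].strip("<> ")
    return host.rstrip(".").lower()


def classify(value, official=OFFICIAL):
    """Return 'official', 'lookalike: <reason>' or 'other'."""
    host = host_of(value)
    if host == official or host.endswith("." + official):
        return "official"
    brand = official.split(".")[0]
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "lookalike: non-ASCII or punycode host"
    # Assumption: the second-to-last label is the registered name.
    # A production check would consult the Public Suffix List instead.
    sld = labels[-2] if len(labels) >= 2 else host
    if sld == brand:
        return "lookalike: unusual domain extension"
    if brand in host:
        return "lookalike: brand name inside another domain"
    if SequenceMatcher(None, sld, brand).ratio() >= 0.8:
        return "lookalike: misspelled domain"
    return "other"


if __name__ == "__main__":
    # Constructed samples, one per warning sign from the article.
    for sample in ("https://www.booking.com/hotel/index.html",
                   "noreply@booking.com",
                   "https://booking.com.guest-pay.example/confirm",
                   "https://secure.bookinq.example/pay",
                   "billing@booking.example",
                   "https://booking.com@pay.example/checkout"):
        print(f"{classify(sample):45} {sample}")
```

Anything other than `official` should be treated as untrusted; a matching sender address is still only one signal, since the messages in the hotel-account cases above arrived through genuine channels.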
For now, avoid clicking on links sent to you through the Booking.com app, as they might be from individuals running hacked hotel accounts trying to trick you into sharing your personal details.
Online booking platforms, including Booking.com, have made reserving hotels easier, but they’ve also become a magnet for scammers targeting hosts and guests. You can spot a Booking.com scam by watching for signs like urgent language, spelling mistakes, and fake sender addresses.
To avoid falling for Booking.com scams, avoid clicking on suspicious links, and if you suspect you’re a victim, contact your bank and report it immediately to Booking.com.