Warning about a Booking.com scam where scammers pretend to be hotels on its official messaging system
Customers booking holiday accommodation on the Booking.com website are advised to be aware of scammers posing as real hotels.
This is Money saw messages from scammers appearing on the site’s secure messaging portal, asking them to make payments to secure a booking.
A reader alerted us to a message he received while exchanging messages with the owner of a hotel he booked for an upcoming trip.
Fraudsters: Fraudsters sneak messages between hotels and their customers on Booking.com, demanding additional payments.
This is similar to the previous one Booking.com scam It was reported in October 2023, when a number of travelers also said they had received fraudulent messages requesting payment.
In the new case, the reader exchanged several real messages with the hotel he booked via Booking.com’s internal messaging system.
These also came as alerts to their personal email account, which was linked to their Booking.com profile.
This means it appeared to be coming from the address “[email protected]”.
Normally, messages can only be exchanged between customers and representatives of the hotels they have booked on the platform.
Since travelers often share contact details and travel itineraries, the messaging system is supposed to be secure and inaccessible to third parties.
But a reader showed us a message that appeared within this chat thread that had all the hallmarks of a scam.
It said: “Your reservation may be canceled (sic) due to an unknown error if you do not follow some simple steps.” Please check your reservation”
It also included the reservation provider’s full name, and asked them to click on a link to a third-party website where they could “confirm” their reservation.
The website address was not associated with Booking.com or the hotel, and appeared to be trying to lure the reader into a scam.
This could be a phishing scam, where scammers convince people to hand over their personal details by false means – in this case by getting them to enter their names, addresses and banking details into a website that will feed it directly to the scammers.
They can then use this to access a person’s accounts and spend or transfer their money.
The website could also be a spoof of a hotel’s website that asked the booker to transfer a sum of money in order to “confirm” the booking, which would be sent directly to the scammers instead.
The website address in question does not look official and includes a bunch of random numbers, which is another hallmark of the scam.
Fake: Booking.com says scammers had access to ‘a small portion’ of hotel accounts, meaning they were able to send messages to customers
It is important to check the address of the website you are asked to visit, as this will often give away the game. This can be done by hovering over the link without clicking on it.
Fortunately, in this case, the reader saw the scam for what it was and did not click on the link.
However, it highlights the risks to other travelers who might mistake something like this for a genuine payment request.
Some hotels on Booking.com only require payment upon arrival or shortly before arrival, rather than in advance, which may make the idea of “confirmatory” payment seem more legitimate.
This is Money asked Booking.com how this happened and whether its secure messaging system was hacked.
The company denied that fraudsters were able to infiltrate its website.
Instead, she said the scammers were targeting hotels in order to gain access to their Booking.com accounts.
This would allow them to send messages to customers pretending to be hotel employees and then request payment.
A company spokesperson said: “We are sorry to hear about the customer’s situation that has been brought to our attention. As we have previously confirmed, there has been no security breach on the part of Booking.com.
“Some of our accommodation partners have been directly targeted by highly convincing phishing tactics, led by professional cybercriminals, encouraging them to click on links or attachments, which in turn led to malware being downloaded onto their devices, and in some cases giving unauthorized information access. To their Booking.com account.
“This enables these professional fraudsters to impersonate the property and communicate with guests via email or message.”
What to do if you discover a suspicious message
Booking.com said it has made efforts to try to combat the scam since it was first detected last year.
It also provided advice on what customers should do if they spot a suspicious message.
If a customer has concerns about the payment message, we encourage them to carefully check the payment policy details shown on the property’s listing page and in the booking confirmation
The spokesperson added: “Although this was not a Booking.com breach, and the actual numbers of affected properties represent a small fraction of those on our platform, we have made significant investments to limit the impact, and put new protection measures in place.” Our customers and the support of our partners, as the scam evolves.
“If a customer has any concerns about a payment message, we encourage them to carefully check the payment policy details set out on the property’s listing page and in the booking confirmation.
“Customers can also report messages to us via our customer service team, or by clicking ‘Report a Problem’, which is built into the chat function, where we also have clear instructions for customers on how to avoid suspicious activity.”
Some links in this article may be affiliate links. If you click on them we may earn a small commission. This helps us fund This Is Money, and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationship to influence our editorial independence.
(Tags for translation) Daily Mail