As we all know, Booking.com is a leading online travel agency, and impressively, lists over 28 million accommodations across 227 countries and manages more than 1.5 million room nights reserved daily. However, its popularity also attracts scammers who exploit both travellers and hotel businesses. Understanding these recent scams is crucial for protection.

How Cybercriminals Hack Booking.com Accounts

Scammers target businesses on Booking.com through sophisticated phishing tactics. Here’s how they do it:

  • Phishing Emails: Cybercriminals send emails to hotel staff that appear to be from Booking.com. These emails contain malicious links that, when clicked, install malware on the hotel’s computer systems.

  • Malware: The malware installed on the hotel’s network searches for data related to Booking.com reservations, including sensitive customer information such as names, email addresses, and booking details.

  • Direct Contact with Customers: Using stolen information, hackers contact the hotel’s customers directly, posing as the hotel or Booking.com representatives. They claim there is an issue with the booking or payment, prompting the customer to provide payment information or make a new payment directly to the cybercriminal.

Six Booking.com Scams to Avoid

  1. Fake Accommodation Listings: Scammers create fake property listings to attract customers with significantly lower prices. They claim “claim “pay on arrival with free cancellation” and request payments via bank transfer to personal accounts when no actual accommodation exists and keep the money for themselves.
  2. Payment Scams: Scammers convince travellers to make payments through alternative methods. They often contact guests through the platform messaging or email system, with excuses such as their bank account being connected to a different website.
  3. Overpayment Scams: This is an eye-opening one. Posing as guests, scammers overpay for a booking using stolen credit cards. They then request a refund of the overpaid amount via a different method, such as a wire transfer, resulting in financial loss for the hotel when the original payment is reversed.
  4. Phishing Emails and Fake Booking.com pages: These scams use fake webpages that appear legitimate. Victims are prompted to re-enter their credit card or bank details, which the attackers then use for fraudulent activities.
  5. Fake Confirmation Emails: Scammers send emails that look exactly like they’ve come from Booking.com, asking for bank card details and threatening to cancel the reservation if the information isn’t provided promptly.
  6. Tech Support Scams: Fraudulent emails such as ‘Request Assistance’ to alert users to suspicious activity on their Booking.com accounts, directing them to a fake site to provide personal information or download malicious software.

 

How to Spot a Booking.com Scam

Suspicious Emails
Be cautious of emails asking for immediate action or payment, especially those not addressing you by name. Look for unusual sender addresses or links.

Unusual Payment Requests
Be cautious if asked to make payments through unconventional methods, such as wire transfers or direct bank deposits. Booking.com never requests payments outside its platform.

Too Good to Be True Deals
Surely a red flag? Listings with prices significantly lower than the average for the area should prompt further investigation. Confirm such listings by checking reviews and directly contacting the property directly.

Urgency
Phishing emails and messages often create a sense of urgency, making you feel the need to act immediately. They might ask for your credit card details or insist on a payment, under the threat of cancelling your booking. if you don’t comply.
 

How to Book Your Holiday Safely

  • Use Secure Payment Methods: Only use the secure payment options provided by Booking.com. Avoid direct transfers or payments outside the platform.

  • Verify Communications: If you receive an email or call requesting payment or personal information, contact the hotel or Booking.com directly using official contact details, not those provided in the email.

  • Keep Software Updated: Ensure your devices and software have the latest security patches to protect against malware.

  • Educate Staff: If you operate a hotel or manage a property, train your staff to recognise phishing attempts and other common scam tactics. At PhishFrenzy we help to manage Phishing Simulations and Security Awareness Training for your employees regularly for safer and best practices. Learn More.

  • Regular Monitoring: Keep an eye on your Booking.com account and listings for any unusual activity or changes you did not authorise.

  • Check Financial Statements: Regularly check your bank and credit card statements for unauthorised transactions. If you suspect fraudulent activity, contact your bank immediately.

PhishFrenzy Can Help

PhishFrenzy Can Help

Booking.com scams are a growing concern in the travel industry. With the rise in online scams, especially on popular travel booking platforms, vigilance is key. By understanding the various tactics used by scammers and adopting best practices for online security, we can significantly reduce the risk of falling victim to these schemes. Regular monitoring and staff education are crucial for businesses to prevent and respond to these threats and that’s where we can help.

Service Overview

Contact Us