A new and particularly hard-to-spot scam is targeting Booking.com users, with fraudsters posing as hotels or the platform itself to steal customers’ bank details. Their method is especially effective because it uses genuine personal information linked to the booking.
According to RMC Conso, victims are typically contacted within 24 to 48 hours of making a reservation. They receive a message via WhatsApp or text message, allegedly sent by the establishment, asking them to confirm their bank details. The trap appears credible: the booking reference, as well as the customer’s first and last name, are included.
Even more concerning, some messages arrive directly through Booking.com’s internal messaging system. The scammers then cite a “payment issue” and urge the customer to pay again, threatening to cancel the booking if they do not comply. The link provided redirects to a fake website that closely mimics the official interface.
Booking.com has confirmed that these messages are fraudulent. The platform explains that hackers have managed to target certain partner hotels through phishing campaigns, granting them temporary access to the hotels’ business accounts. The thieves can then contact customers directly by impersonating the establishment.
According to cybersecurity specialists, these attacks exploit vulnerabilities that allow hackers to harvest personal data. For its part, Booking.com insists it is investing heavily in artificial intelligence technologies to detect and block such activities as quickly as possible. The platform has also recently changed most of the booking references for reservations made in the past few days in order to protect customer security.
