Popular travel site Booking.com is frequently used to book holidays or accommodation, but users should be cautious of a new scam asking customers to resolve payment issues.
The fraudsters sends users a message purporting to be from the booked hotel or accommodation owner, claiming there was an issue with the card details when making payment. The user is then asked to re-confirm their booking via a new link, otherwise the booking will be cancelled.
The messages are usually sent by criminals who have gained access to the hotel's account and can therefore make the message appear legitimate. The messages are also sent directly via the Booking.com app, although the design has been copied.
Hei e Beispill vun engem gefälschte Message op der Booking-App
How can this happen?
It is thought that hackers are using phishing attacks to target employees and thus gain access to Booking.com data. They are able to use the platform's extranet to find communication between guests and accommodation providers, enabling them to spoof the hotels in order to send the fraudulent messages.
If a user clicks on the link supplied in the messages and enters their payment details, the money is sent to a foreign bank account belonging to the fraudsters.
Improving security
Similar scams were carried out in 2023, leading Booking.com to improve its security and introduce two-factor authentication. Two years ago, around 1.5 million fraudulent phishing reservations were identified and blocked. The following year, this number dropped to 250,000. However, scammers are always on the lookout for new ways to dupe their victims.
What to do if you have doubts?
In the case of doubt, it is best to contact the hotel or accommodation provider directly, preferably via telephone. It is also useful to contact Booking.com. The platform says it would never ask for sensitive information via chat.
If you have already fallen victim to the scam, it is best to block your card immediately and contact your bank. You should also contact the police to inform them of the matter if money has been taken from you. In these cases, try to supply proof of the scam and document any exchange with the fraudsters.
