Booking.com is one of the most popular online travel agencies worldwide, available in 43 languages, with over 28 million reported accommodation listings across 227 countries and more than 1.5 million room nights reserved daily.
The platform's extensive reach and user-friendly interface make it a preferred choice for travelers seeking accommodations globally. However, its popularity also attracts the attention of scammers looking to exploit unsuspecting travelers and hotel businesses. Whether you are a traveler, a landlord, or a hotel owner, understanding the tactics used by these scammers is the first step in protecting yourself or your business.
Related: How scammers gain access and hack your WhatsApp account and what you can do to protect yourself
How Scammers Hack Booking.com Accounts
Scammers and hackers have increasingly targeted businesses that use Booking.com by employing sophisticated phishing tactics. The process typically unfolds as follows:
1. Phishing Emails: Hackers send phishing emails to hotel staff, often disguised as official communications from Booking.com. These emails contain malicious links that, once clicked, download malware onto the hotel's computer systems.
2. Malware Installation: The malware infiltrates the hotel's network, searching for data related to Booking.com reservations. This can include sensitive customer information such as names, email addresses, and booking details.
3. Direct Contact with Customers: Using the stolen information, hackers contact the hotel's customers directly, pretending to be the hotel or Booking.com representatives. They often claim that there is an issue with the booking or payment, prompting the customer to provide payment information or make a new payment, which goes straight to the scammers.
This type of scam is particularly effective because it exploits the trust customers place in reputable platforms and the legitimate appearance of the communications they receive.
6 Common Booking.com scams you should know and avoid
1. Fake accommodation listing
Scammers create fake property listings to lure customers, often offering significantly lower prices to attract bookings.
Example: An apartment is listed on Booking.com with minimal photos and no reviews. The listing claims to be "pay on arrival with free cancellation" but also states, "Booking.com takes your payment on behalf of the property." If you contact the supposed landlord, they will claim they have no bank account on file with Booking.com and ask for a bank transfer to a personal account. If you pay, your money will go into the scammers' pockets.
Related: Don't Get Scammed! Facebook Marketplace scams you should avoid
2. Payment scam
Payment scams often involve scammers convincing travelers to make payments through unofficial channels. The perpetrators typically contact guests via the platform's messages or email, asking victims to complete payments using an alternative method or website. They often cite reasons like their bank account being connected to a different website.
Related: PayPal Text Scams: How to Spot and Avoid Them
3. Overpayment Scams (targeting booking.com partners): Scammers pose as guests and overpay for a booking using stolen credit cards. They then request a refund of the overpaid amount through a different method, such as a wire transfer, which, once completed, leaves the hotel at a loss when the fraudulent payment is reversed.
4. Phishing Emails and Fake Booking.com Webpages
Phishing scams often use fake Booking.com webpages that look legitimate by pre-populating the victim's personal details, such as full name, hotel information, and stay duration. This tactic enhances the credibility of the scam. On these phishing pages, victims are prompted to re-enter their credit card or bank details, which attackers then collect and use for fraudulent activities.
Related: How to Spot and Report Email Scams
5. Fake Confirmation Emails
When they manage to enter a hotel's system, scammers send messages to customers asking for bank card details and threatening reservation cancellation. These scam emails, originating from within Booking.com's system, instruct recipients to confirm hotel payment through an embedded link. The emails claim the reservation will be canceled unless the details are provided within a specified time frame, typically twelve hours. These notifications also appear in Booking.com's mobile app, adding to the scam's credibility.
6. Booking.com tech support scam
This scam consists of emails alerting users to suspicious activity in their Booking.com accounts. These emails claim there has been unauthorized access and prompt users to click a link for assistance. The link directs them to a fraudulent site where they are asked to provide personal information or download software. This data is then used for identity theft or further malicious activities.
Related: How To Spot and Avoid Tech Support Scams
How to Spot a Booking.com Scam
To protect yourself from Booking.com scams, watch out for these warning signs:
1. Suspicious Emails: Be cautious of unexpected emails requesting immediate action or payment, especially those not addressing you by your name. Check for unusual sender addresses or links.
2. Payment Requests: Be wary of any request for payment through unconventional methods, such as wire transfers or direct bank deposits, especially if the request comes via email or phone. Booking.com never asks users to make payments outside their platform.
3. Too Good to Be True Deals: Listings with prices significantly lower than the average for the area should raise a red flag. Verify such listings by checking reviews and contacting the property directly.
4. Urgent Language. Phishing emails and messages typically convey a sense of urgency, making you feel the need to act immediately. They might ask for your credit card details, claiming it's for a "verification test" or insist on a payment, with the threat of canceling your booking if you don't comply.
How to book your holiday safely
To minimize the risk of falling victim to scams on Booking.com, follow these best practices:
1. Use Secure Payment Methods: Always use the secure payment options provided by Booking.com. Avoid direct transfers or payments outside the platform.
2. Verify Communications: If you receive an email or call requesting payment or personal information, contact the hotel or Booking.com directly using contact details from the official website (not from the email you received).
3. Keep Software Updated: Ensure your devices and software are updated with the latest security patches to protect against malware.
4. Educate Staff: For hotel operators or landlords, train your staff to recognize phishing attempts and other common scam tactics.
5. Regular Monitoring: Regularly monitor your Booking.com account and listings for any unusual activity or changes you did not authorize.
6. Regularly check your bank and credit card statements for unauthorized transactions. If you suspect you've given your payment card details to a fraudster, contact your bank immediately.
7. Use Scamio to uncover scammers. If you suspect someone is trying to scam you, check with Scamio, our AI-powered scam detection tool. Send any texts, messages, links, QR codes, or images to Scamio, which will analyze them to determine if they are part of a scam. Scamio is free and available on Facebook Messenger, WhatsApp, and your web browser. You can also help others stay safe by sharing Scamio with them in France, Germany, Spain, Italy, Romania, Australia, and the UK.
FAQs
How to avoid Booking.com scams?
To avoid scams on Booking.com, always verify the legitimacy of emails and messages by contacting Booking.com directly. Use secure payment methods, and never provide personal or financial information through suspicious links. Regularly monitor your account for unusual activity and enable two-factor authentication for added security.
What are the signs that your Booking.com account is hacked?
Here are a few indications you've been hacked:
- There are unfamiliar bookings or account changes.
- Your email has been sending messages you didn't create.
- Your passwords have changed without you knowing, locking you out of your account.
- You get fake antivirus messages asking you to install.
- Your personal data is leaked. Is that the case? Find out now with Bitdefender Digital Identity Protection.
What to do if my Booking.com account has been hacked?
- Change Your Passwords: Immediately update your Booking.com password and any other accounts using the same password.
- Contact Booking.com Support: Report the issue to Booking.com customer service to secure your account and investigate the breach.
- Enable Two-Factor Authentication: Add an extra layer of security to your account.
- Check for Unauthorized Activity: Review your account for any unfamiliar bookings or changes.
- Monitor Financial Statements: Keep an eye on your bank and credit card statements for any unusual transactions.
