Booking.com targeted by scammers

Booking.com is reporting that some customer’s accounts have accessed by scammers.

Anyone using the platform Booking.com to book their holidays or accommodation are being warned they could be targeted with emails or messages requesting payments from hotels who have had their account taken over by fraudsters.

Between June 2023 and September 2024, Action Fraud received 532 reports from individuals, with a total of £370,000 lost.

Insight from Action Fraud reports suggests the individuals were defrauded after receiving unexpected messages and emails from a Booking.com account belonging to a hotel they had a reservation with, which had been taken over by a criminal. Using this account, the criminals send in-app messages, emails, and WhatsApp messages to customers, deceiving them into making payment and/or requesting credit card details.

 The specific account takeovers are likely to be the result of a targeted phishing attack against the hotel or accommodation provider, and not Booking.com’s backend system or infrastructure.

“If you receive an unexpected request from a hotel’s account you booked with using Booking.com asking for bank details or credit card details, it could be a fraudster trying to trick you into parting ways with your money. Contact Booking.com or the organisation directly if you’re unsure.

“Remember to report any suspicious emails by forwarding it to report@phishing.gov.uk, or if you receive a fraudulent text message, you can forward it to 7726.”