We have received several queries and complaints about the accommodation and holiday booking platform Booking.com that are strikingly similar and suggest that criminals are targeting its customers in order to steal money from them, in ways that can only be described as sinister.
First up is a reader called Nuala who contacted us on behalf of her daughter who made a booking through Booking.com for accommodation in Thailand for herself and her friends.
After some time Nuala’s daughter got an email which looked for all the world like it was from Booking.com to say they were changing their terms and conditions and she was now required to pay for the accommodation well in advance.
Nuala says her daughter “was a bit wary of the request and she checked the email very carefully to ensure it was from their exact email and it was. She was still wary so she messaged the property directly through the Booking.com app and they came back and said yes, that it was correct. Again she checked the message to ensure it was through Booking.com. She was concerned that the accommodation would be cancelled so she paid it.”
The sum was in excess of €1,000.
Not long after she did, she got another message from the property to tell her not to pay.
“But it was too late. She had to fork out again for the accommodation. She has spent endless calls to Booking.com over the past few months trying to get it sorted. All the emails and app messages are definitely from Booking.com and they say they are aware of this happening and are investigating. She just spends hours on the phone and never makes any progress,” Nuala writes.
“I have been telling loads of people about this and some have come back and said thank you for letting them know as they also received similar emails. Just last week my sister got the same email from the Booking.com email and also a message through their app requesting payment.”
Next up is Grainne. “I received an email from Booking.com to my Gmail account to advise me I had a new message in the Booking.com app. The email looked very like every other email update I have received by hotels as in it included my booking reference plus the details of guests etc,” she writes.
“The message said due to an update with their booking policies I needed to add an additional card to secure my booking. I clicked on the link and it took €314 out of my Revolut account. Before I approved the transaction I asked the booking agent about it and they said it was just a hold and I would get a refund.”
Based on this assurance, she approved the transaction in her Revolut account.
“Within 10 minutes I sent a message to the hotel via the Booking.com app and they came back to say it wasn’t them who sent the message I got. I contacted Revolut immediately and cancelled my card. I then raised a chargeback request [which] was denied as I approved the fraudulent payment,” she says.
“My concern about this is how sophisticated it is. The fraudulent email knew my booking reference, how much the hotel should cost and how many people are on the booking.”
And finally, there is Geraldine who was “almost scammed” by a message coming from the Booking.com app ahead of a trip to Paris for a World Cup match.
“My husband got a message from within the Booking.com app appearing to be from the hotel saying that we needed to secure the booking with credit card details. My husband was slightly suspicious so he called Booking.com and they confirmed that it was a genuine message from the hotel,” she says. “When my husband entered his card details on the link provided, it was (thankfully!) flagged as fraud by Revolut. My husband then contacted the [hotel] and they confirmed that someone was attempting to scam guests on Booking.com using their profile. Given the number of Irish people likely to be travelling to Paris [that] weekend, I’m sure we weren’t alone in being targeted by this sophisticated scam and it would be great to get the word out there.
“The fact that Booking.com is being used by fraudsters is also concerning as this site will be trusted and used by many.”
We contacted Booking.com to find out what was going on and if it was aware its customers were being targeted by scammers. We also expressed concern that the criminals appeared to know details of the bookings that had been made on the platform and asked how this might be possible. And we asked – specifically – what might be done to help our readers (and their children) who have been left substantially out of pocket as a result of this criminal activity.
In response, we received the following statement.
“We are sorry to hear about the experience of the Booking.com customers that you shared with us. After reviewing the reservations in question, we can confirm that these customers were targeted by a phishing scam and have now been refunded in full.
“While this was not a security breach on Booking.com and likely a coordinated effort by scammers to commit fraud against both the guest and the accommodation, we are acutely aware of the implications of such scams by malicious third parties to our business, our accommodation partners and unfortunately to our customers, who can fall victim to professional scammers.
“At Booking.com we take safety and security very seriously. Besides the significant amount of analysis we take to verify each and every accommodation before they go live on our platform, we have dedicated teams that use high-standard personalised technical tools to monitor, detect and block suspicious activities. We also provide regular guidance and updates with our partners about how to keep their accounts secure via proactive email campaigns and have been continuously updating and expanding the cybersecurity section of our Partner Hub to include even more information on malware and phishing so that our partners are as up to date as possible on the latest trends that we are seeing.
“Online fraud and cyber criminal activity is unfortunately a pressing issue across many sectors, including the travel industry. As for practical advice, we recommend that customers carefully analyse the details of an accommodation before booking with them, including payment policies. If an accommodation partner asks for a payment that is not described in this policy, or asks for a payment outside of the Booking.com platform, customers should not pay, but contact our team.”