Booking.com users are being warned about a sophisticated hotel scam that has defrauded hundreds of people out of £370,000. Between June 2023 and September 2024, Action Fraud, the UK’s national fraud reporting centre, received 532 reports of customers falling victim to this scam.
Fraudsters are hijacking hotel accounts on the Booking.com platform to deceive unsuspecting customers. According to Action Fraud, these account takeovers are likely the result of phishing attacks targeting hotel staff rather than a breach of Booking.com’s internal systems.
How the Scam Works
Fraudsters take over hotel accounts on Booking.com and use them to send fake messages to customers. These messages, often sent via the platform’s in-app messaging system, emails, or even WhatsApp, appear legitimate and come from the hotel where the customer has made a booking.
The scammers typically request payments, credit card details, or sensitive financial information under the guise of confirming or securing the reservation. Believing the messages are genuine, customers unknowingly share their information or transfer money directly to the fraudsters.
Warning to Customers
Adam Mercer, Deputy Head of Action Fraud, emphasised the need for vigilance: “With more than 500 reports made, those booking holidays on Booking.com should stay alert to unexpected emails or messages. If you receive a request for bank or credit card details, it could be a fraudster. Always contact Booking.com or the hotel directly if you’re unsure.” Mercer also urged customers to report suspicious emails to [email protected] or fraudulent text messages to 7726.
Fraud prevention is key to avoiding these types of scams. Here’s how you can protect yourself:
- Verify the Source
Always confirm the authenticity of unexpected payment requests. Contact the hotel directly using official contact details found on their website or Booking.com.
- Avoid Sharing Sensitive Information
Never share bank or credit card details in response to unsolicited messages, even if they seem to come from trusted sources.
- Use Secure Payment Methods
Always make payments through trusted platforms, such as the Booking.com website or app. Avoid clicking on links in messages to make payments.
- Report Suspicious Activity
If you suspect fraudulent activity, report it immediately to Booking.com and Action Fraud.
Measuring the Impact
This particular hotel scam doesn’t just affect customers; it also damages the reputation of hotels and accommodation providers. By targeting hotel accounts, fraudsters erode trust in digital booking platforms and create a sense of insecurity among customers.
Hotels must implement robust security measures to reduce the risk of phishing attacks and account takeovers. By adopting these practices, hotels can protect their customers and ensure their booking systems remain secure:
- Staff Training: Educate employees on how to identify phishing emails and suspicious activity.
- Multi-Factor Authentication: Use two-step verification to secure login credentials and prevent unauthorised access.
- Regular Security Audits: Assess and update digital security measures regularly to address vulnerabilities.
Stay Safe When Booking Online
As the hospitality sector increasingly relies on digital platforms like Booking.com, the risk of fraud continues to grow. Both customers and hotels must remain vigilant to ensure a safe booking experience. Customers should stay informed about the latest scams, while hotels should prioritise security to protect their accounts. Fraud awareness campaigns and clear communication from booking platforms are essential in reducing the impact of scams like these.
For hotels, investing in better security measures and training staff to spot phishing attempts is critical to maintaining customer trust. Fraud awareness is everyone’s responsibility. By taking proactive steps, we can reduce the risk of scams and enjoy safer, more secure online bookings. If you suspect fraudulent activity, act quickly, report it, and share this information to help others stay protected.
