Customers using Booking.com are being urged to exercise caution following reports of a sophisticated scam that has defrauded hundreds of people out of a total of £370,000. The warning comes from Action Fraud, the UK’s national reporting centre for fraud and cybercrime, after 532 incidents were reported between June 2023 and September 2024.
Fraudsters are taking control of hotel accounts on the Booking.com platform, using these accounts to send deceptive communications to customers. Victims have reported receiving messages via the platform’s in-app messaging system, emails, or even WhatsApp messages, purporting to be from the hotels where they had made reservations.
The messages often include requests for payments, credit card details, or other sensitive financial information. Customers, believing the messages to be genuine, unknowingly transfer money or share their details with the scammers.
According to Action Fraud, these account takeovers likely result from targeted phishing attacks against hotels or accommodation providers, rather than a breach of Booking.com’s internal systems or infrastructure.
Adam Mercer, Deputy Head of Action Fraud, said:
“With more than 500 reports made to Action Fraud, those who have booked a holiday on the Booking.com platform should stay alert to any unexpected emails or messages from a hotel using the Booking.com platform, as their account could have been taken over by a criminal.”
“If you receive an unexpected request from a hotel’s account you booked with using Booking.com, asking for bank details or credit card details, it could be a fraudster trying to trick you into parting ways with your money. Contact Booking.com or the organisation directly if you’re unsure.”
“Remember to report any suspicious emails by forwarding it to report@phishing.gov.uk, or if you receive a fraudulent text message, you can forward it to 7726.”
Customers are being advised to follow these tips to safeguard against falling victim to such scams:
- Verify the Source: Always confirm the authenticity of any unexpected payment requests or communications. Contact the hotel directly using official contact details.
- Avoid Sharing Sensitive Information: Never provide credit card or bank details in response to unsolicited messages, even if they appear to come from a trusted source.
- Use Secure Payment Methods: Make payments directly through the Booking.com platform or trusted channels, rather than through links provided in messages.
- Report Suspicious Activity: If you suspect fraudulent activity, report it immediately to Booking.com and Action Fraud.
For hotel and accommodation providers, this scam serves as a stark reminder of the importance of robust cybersecurity measures. Phishing attacks targeting staff can result in account takeovers, leading to reputational damage and loss of customer trust. Training staff to recognize phishing attempts and securing login credentials with multi-factor authentication are critical steps to protect accounts.
As the hospitality industry continues to embrace digital platforms, the risk of cybercrime grows. Booking.com customers and hotel operators alike must remain vigilant to ensure a safe and secure booking experience.
For further advice on avoiding scams and reporting fraud, visit the Action Fraud website.