‘It looked so real’: Traveller falls prey to sophisticated Booking.com scam
By Seia Ibanez
The digital age has brought about many conveniences, especially in how we plan and book our travels.
However, with the increased ease of making online reservations, there also comes a heightened risk of scams targeting unsuspecting travellers.
Recently, the Australian Competition and Consumer Commission (ACCC) has reported a worrying surge in scam activities, specifically those referencing the popular accommodation site Booking.com, leading Australians to lose substantial sums of money.
In 2023, over $337,000 was lost by Australians to scams mentioning Booking.com, which is a staggering jump and a nearly 600 per cent increase from 2022, according to the ACCC.
The ACCC's Scamwatch program received 363 complaints, a figure that can't be ignored and indicates a clear trend.
One of the latest victims of the Booking.com scam is Robyn, a Queensland resident.
She said she received a message through Booking.com, seemingly from a hotel in Istanbul, Türkiye, where she had a booking.
The message claimed her booking would be cancelled unless she confirmed her payment details. The link provided led her to a site that looked identical to Booking.com, complete with her trip details and costs.
'It was very legitimate looking, it was so good,' Robyn said.
'It was very confusing and so convoluted…It all looked so real.'
After providing her credit card details, she was told her card couldn't be used due to 'security purposes'.
When she entered the details of a second card, she was asked to make a bank transfer.
This raised her suspicions, and she messaged the hotel through Booking.com, not realising that cybercriminals were controlling the messages.
‘I had a conversation with people that I thought were in the hotel,’ she recounted.
‘I got very angry, and they then became very aggressive with me.’
Eventually, a legitimate representative from the hotel called her directly.
'The hotel said that their system through Booking.com had been basically hijacked,' she said.
'They could see me talking to people, but it wasn't them…They said they couldn't get into the system to tell me to stop talking to them.'
Within an hour of her credit card details being stolen, her bank contacted her about a suspicious transaction on her account—a hotel booking in Budapest, Hungary, made through Booking.com.
When she contacted the Budapest hotel, Robyn was told the venue had already cancelled the booking because a man with a French accent, a Portuguese name, and an English address made it.
In total, Robyn's cards were used for accommodation bookings totalling around $25,000. Fortunately, her bank later returned the funds.
When Robyn contacted Booking.com about the fraud, she found the company's customer service team to be 'uninterested'.
'I said, “Your system has been hacked…I was talking to these people through your system.” And they were just really unhelpful and didn't care,' she said.
Unfortunately, Robyn wasn’t the only one who got scammed through Booking.com.
Last year, several customers of the site voiced complaints regarding fraudulent emails from [email protected], threatening cancellation of the customers’ stay unless they confirmed their bank details through an embedded link.
There was also an intricate phishing scam from a travel website where unknown hackers swooped in to steal unsuspecting customers’ credit card details.
Booking.com acknowledged that some of its accommodation partners had been targeted by phishing emails 'sent by professional criminals, with the intent of taking over their local computer systems with malware'.
‘In some cases, this has led to unauthorised access of their Booking.com account, which enables these fraudsters to temporarily impersonate the accommodation and communicate with guests via email or messages,’ a spokesperson said.
‘It's important to highlight that Booking.com's back-end systems and infrastructure have not been breached, and the number of accommodations impacted are a small fraction of those on our platform.’
The statement continued: ‘At the same time, we understand the importance of keeping the data we are entrusted with secure. That's why we continue to make significant investments to limit the impact and have put new measures and alerts in place to update and protect our customers, as well as our accommodation partners.’
The company then advised customers to report suspicious messages to its customer service team, check the payment policy associated with their booking, and be careful not to share their credit card details over email, text message or instant messaging platforms.
Booking.com, which has its headquarters in Amsterdam, said that it had more than 2.7 million properties and more than 400,000 hotels, motels, and resorts on its website by the end of 2022.
The ACCC advised Booking.com users to protect themselves from phishing scams by independently verifying any emails or messages they receive which include a link or ask for personal or banking information.
This usually involves contacting the accommodation provider directly using a phone number from their official website—and not one provided in an email or Booking.com message.
'Be aware that Booking.com customer service representatives won't ask you to provide your account password or financial information such as a credit card over the phone,' the ACCC said.
Booking.com also shared with its accommodation providers—which use its property management platform Extranet—that provider accounts ‘can be a tempting target for cybercriminals and fraudsters’, as they contain a ‘large amount of guest data, including names, addresses, credit card details, and phone numbers’.
‘Fraudsters may attempt to mimic our emails in order to phish your username and password for the purposes of taking over your account,’ Booking.com said.
‘These phishing emails can lead to a webpage that looks very similar to the Booking.com Extranet login page—but if you look at the URL address bar, you'll notice differences.’
Booking.com said it disables a property's ability to include links in messages to guests if suspicious activity is detected on its account.
Robyn's experience serves as a cautionary tale for all online users.
'Would I get caught like that again? No,' she said.
'Have I booked through Booking.com again? No.'
Have you ever encountered a similar situation, members? Share your experiences and tips in the comments below.
Tip
If you or someone else was scammed, notify your bank immediately. You can also report the scam to Scamwatch.
You can also head over to our Scam Watch forum to stay updated with the latest tricks scammers use to deceive people out of their money and sensitive details.
Key Takeaways
- Scam reports mentioning Booking.com have experienced a significant surge in 2023, leading to substantial financial losses for Australians.
- Victims of Booking.com scams, such as Queensland resident Robyn, have encountered sophisticated phishing attempts that mimic legitimate communications from accommodation providers.
- Booking.com asserts that its back-end systems have not been breached but acknowledges that a number of its accommodation partners have been affected by phishing attacks that enable scammers to impersonate them.
- The ACCC advises Booking.com users and accommodation providers to be vigilant and independently verify any communications requesting personal or banking information as part of measures to protect themselves from phishing scams.