The digital age has brought about many conveniences, especially in how we plan and book our travels.

However, with the increased ease of making online reservations, there also comes a heightened risk of scams targeting unsuspecting travellers.

Recently, the Australian Competition and Consumer Commission (ACCC) has reported a worrying surge in scam activities, specifically those referencing the popular accommodation site Booking.com, leading Australians to lose substantial sums of money.

In 2023, over $337,000 was lost by Australians to scams mentioning Booking.com, which is a staggering jump and a nearly 600 per cent increase from 2022, according to the ACCC.

The ACCC's Scamwatch program received 363 complaints, a figure that can't be ignored and indicates a clear trend.

An example of a scam message through Booking.com Credit: ABC News

One of the latest victims of the Booking.com scam is Robyn, a Queensland resident.

She said she received a message through Booking.com, seemingly from a hotel in Istanbul, Türkiye, where she had a booking.

The message claimed her booking would be cancelled unless she confirmed her payment details. The link provided led her to a site that looked identical to Booking.com, complete with her trip details and costs.

'It was very legitimate looking, it was so good,' Robyn said.

'It was very confusing and so convoluted…It all looked so real.'

After providing her credit card details, she was told her card couldn't be used due to 'security purposes'.

When she entered the details of a second card, she was asked to make a bank transfer.

This raised her suspicions, and she messaged the hotel through Booking.com, not realising that cybercriminals were controlling the messages.

‘I had a conversation with people that I thought were in the hotel,’ she recounted.

‘I got very angry, and they then became very aggressive with me.’

Then, a legitimate representative from the hotel eventually called her directly.

'The hotel said that their system through Booking.com had been basically hijacked,' she said.

'They could see me talking to people, but it wasn't them…They said they couldn't get into the system to tell me to stop talking to them.’

Within an hour of her credit card details being stolen, her bank contacted her about a suspicious transaction on her account—a hotel booking in Budapest, Hungary, made through Booking.com.

When she contacted the Budapest hotel, Robyn was told the venue had already cancelled the booking because a man with a French accent, a Portuguese name, and an English address made it.

In total, Robyn's cards were used for accommodation bookings totalling around $25,000. Fortunately, her bank later returned the funds.

When Robyn contacted Booking.com about the fraud, she found the company's customer service team to be 'uninterested'.

'I said, “Your system has been hacked…I was talking to these people through your system.” And they were just really unhelpful and didn't care,' she said.

Unfortunately, Robyn wasn’t the only one who got scammed through Booking.com

Last year, several customers of the site voiced complaints regarding fraudulent emails from [email protected], threatening cancellation of the customers’ stay unless they confirmed their bank details through an embedded link.

There was also an intricate phishing scam from a travel website where unknown hackers swooped in to steal unsuspecting customers’ credit card details.

Robyn said the Booking.com scam message ‘looked so real’. Credit: Freepik

Booking.com acknowledged that some of its accommodation partners had been targeted by phishing emails 'sent by professional criminals, with the intent of taking over their local computer systems with malware'.

‘In some cases, this has led to unauthorised access of their Booking.com account, which enables these fraudsters to temporarily impersonate the accommodation and communicate with guests via email or messages,’ a spokesperson said.

‘It's important to highlight that Booking.com's back-end systems and infrastructure have not been breached, and the number of accommodations impacted are a small fraction of those on our platform.’

The statement continued: ‘At the same time, we understand the importance of keeping the data we are entrusted with secure. That's why we continue to make significant investments to limit the impact and have put new measures and alerts in place to update and protect our customers, as well as our accommodation partners.’

The company then advised customers to report suspicious messages to its customer service team, check the payment policy associated with their booking, and be careful not to share their credit card details over email, text message or instant messaging platforms.

Booking.com, which has its headquarters in Amsterdam, said that it had more than 2.7 million properties and more than 400,000 hotels, motels, and resorts on its website by the end of 2022.

The ACCC advised Booking.com users to protect themselves from phishing scams by independently verifying any emails or messages they receive which include a link or ask for personal or banking information.

This usually involves contacting the accommodation provider directly using a phone number from their official website—and not one provided in an email or Booking.com message.

'Be aware that Booking.com customer service representatives won't ask you to provide your account password or financial information such as a credit card over the phone,' the ACCC said.

Booking.com also shared with its accommodation providers—which use its property management platform Extranet—that provider accounts ‘can be a tempting target for cybercriminals and fraudsters’, as they contain a ‘large amount of guest data, including names, addresses, credit card details, and phone numbers’.

‘Fraudsters may attempt to mimic our emails in order to phish your username and password for the purposes of taking over your account,’ Booking.com said

‘These phishing emails can lead to a webpage that looks very similar to the Booking.com Extranet login page—but if you look at the URL address bar, you'll notice differences.’

Booking.com said it disables properties to include links in messages to guests if suspicious activity is detected on their account.

Robyn's experience serves as a cautionary tale for all online users.

'Would I get caught like that again? No,' she said.

'Have I booked through Booking.com again? No.'

Tip

If you or someone else was scammed, notify your bank immediately. You can also report the scam to Scamwatch here.

You can also head over to our Scam Watch forum to stay updated with the latest tricks scammers use to deceive people out of their money and sensitive details.

Key Takeaways

• Scam reports mentioning Booking.com have experienced a significant surge in 2023, leading to substantial financial losses for Australians.
• Victims of Booking.com scams, such as Queensland resident Robyn, have encountered sophisticated phishing attempts that mimic legitimate communications from accommodation providers.
• Booking.com asserts that its back-end systems have not been breached but acknowledges that a number of its accommodation partners have been affected by phishing attacks that enable scammers to impersonate them.
• The ACCC advises Booking.com users and accommodation providers to be vigilant and independently verify any communications requesting personal or banking information as part of measures to protect themselves from phishing scams.

Have you ever encountered a similar situation, members? Share your experiences and tips in the comments below.

 

[hdhensel]

Booking .com is based in Amsterdam.

too big now. Too impersonal. Too many avenues for scammers. We need a different system

 

[Keswickian]

Why are so many people so quick to malign Booking.com?
It is absolutely NOT their fault that scammers somewhere in the world are cloning their website for malicious purposes. The same thing could happen to any of the booking agencies that we use.

Also, how many times do we have to spell it out: NEVER NEVER NEVER click on a link from an email or SMS. Always go back to the Booking.com or other website you used when you made the booking.

There is a glaring clue in the picture above that this was a scam: "Use your Mastercard for verification you as cardholder". This is just poor English which would not be used by a reputable Company like Booking.com.

 

[BruceC]

The message stinks of SCAM from the first sentence to the last. Nothing realistic about it. The added link, 24 time limit, use your mastercard are all giveaways.

And yet foolish people continue to fall for them.
As I have said many times., I have no sympathy whatsoever for anyone who falls for these scams”.
And yes as one lady replied to me saying “I’m a nasty piece of work”, that I maybe but at least i’m not a fool and will never fall for these scams!

 

[ElleJay]

Once again if anyone clicks on any of these links on these emails then:
I HAVE NO SYMPATHY WHATSOEVER FOR THEM
THEY DESERVE TO LOSE EVERY CENT THEY HAVE!

Avoiding a scam is so damn simple.
Sadly it’s the SIMPLE people getting caught.

How many times do people have to be told?
If you get any message from any of these supposed organisations stating there is an issue with payments or anything for that matter SIMPLY close the message and contact that organisation direct either by phone or using the known app with your login and password!

As I have said so many many times before, if you are stupid enough to click on any link on any of these messages then you are a fool! And A FOOL AND THEIR MONEY ARE EASILY PARTED!

BruceC you only ever seem to pop up to yell at people (in capital letters), tell them they are fools, you have no sympathy for them and they deserve to lose all their money. What a delightful person you must be!

 

[ElleJay]

I sometimes use Booking.com to find a list of motels (or other accommodation) in a particular location. Once I have selected the motel I want, I Google it and go to the motel's website. I then phone the motel and book directly with them. It is usually cheaper and you are dealing with the actual motel, so you can ask questions like: do they provide breakfast?

 

[BruceC]

BruceC you only ever seem to pop up to yell at people (in capital letters), tell them they are fools, you have no sympathy for them and they deserve to lose all their money. What a delightful person you must be!

And I will continue to do so until these people wake up!
How many times do people have to be told, explained to, every single day on the news, in Seniors Discount Club and every other media outlet.
As I have said so many times.
it’s so damn simple not to get caught.
DO NOT RESPOND TO THESE MESSAGES/EMAILS!
Contact the organisation directly via phone or their actual official app to find out if the message is a scam or not!
If people don’t do this and click on ANY link or hand over their details then they deserve to lose everything!

 

[BruceC]

Why are so many people so quick to malign Booking.com?
It is absolutely NOT their fault that scammers somewhere in the world are cloning their website for malicious purposes. The same thing could happen to any of the booking agencies that we use.

Also, how many times do we have to spell it out: NEVER NEVER NEVER click on a link from an email or SMS. Always go back to the Booking.com or other website you used when you made the booking.

There is a glaring clue in the picture above that this was a scam: "Use your Mastercard for verification you as cardholder". This is just poor English which would not be used by a reputable Company like Booking.com.

And the fact that if you use Booking.com they never charge your card and then credit it straight back.
But fools will continue to fall for these scams no matter how many times they are warned.

 

[mylittletibbies]

Why are so many people so quick to malign Booking.com?
It is absolutely NOT their fault that scammers somewhere in the world are cloning their website for malicious purposes. The same thing could happen to any of the booking agencies that we use.

Also, how many times do we have to spell it out: NEVER NEVER NEVER click on a link from an email or SMS. Always go back to the Booking.com or other website you used when you made the booking.

There is a glaring clue in the picture above that this was a scam: "Use your Mastercard for verification you as cardholder". This is just poor English which would not be used by a reputable Company like Booking.com.

I sometimes use Booking.com to find a list of motels (or other accommodation) in a particular location. Once I have selected the motel I want, I Google it and go to the motel's website. I then phone the motel and book directly with them. It is usually cheaper and you are dealing with the actual motel, so you can ask questions like: do they provide breakfast?

Website tells you that