Beware! Scammers are now targeting Booking.com customers with deceptive 'confirmation' emails
- Replies 1
As technology becomes more sophisticated, so do the methods used by scammers to trick innocent people. This time, criminals are targeting travellers.
The latest ruse specifically targets customers of the online booking and travel platform, Booking.com. According to reports, these tricks utilise a concerning 'confirmation' email intended to scam recipients into revealing their bank details.
This alarming revelation shows how important it is for users to maintain a heightened vigilance, particularly with personal information while booking their travel flights and accommodations online.
In the past few weeks, several customers of the site have voiced complaints regarding such fraudulent emails.
These customers, many of whom have just checked into their hotel or are preparing to, have received an unnerving email seemingly from Booking.com.
Alarmingly, this email—sent from [email protected]—threatened the cancellation of the customers’ stay unless they confirmed their bank card details through an embedded link.
Notifications through the app have also appeared on users' mobile phones.
Without a swift response within a set timeframe—time reportedly varied between four to 12 hours, depending on the email—the reservation would purportedly be cancelled.
Booking.com has resolutely refuted any breach of its own systems, blaming these fraudulent messages on intrusions within its partner hotels' email systems. Yet implicated hotels deny any breaches on their end.
One such customer named Julia Berridge, who stayed in a hotel in Marseille earlier this month for two nights for €349 ($586 AUD), complied with the instructions within the purported Booking.com email. Berridge did not lose any money but was forced her to cancel her card to prevent potential misuse of her bank details.
The email, which reportedly was sent from a standard Booking.com email address, had all the details of her reservation. The fact that a notification appeared on the mobile phone application made the whole scam more convincing.
Another victim of this scam was Kate Wright, who works in the field of digital commerce. After responding to a similar fraudulent email, she discovered she had been charged twice for her stay.
The feeling of disbelief grew when Booking.com call centre staff insisted that such a scam was 'simply impossible'. However, her dispute saw light when the hotel acknowledged a breach in the system and urged her to talk to her bank.
'I was made to feel like I was being hysterical—the call centre refused to believe that scammers had sent out an email using the Booking.com system. But, after two days, I eventually received a message from the hotel, again via Booking.com, saying that the system had been breached, that it knew about it, but was not telling their customers,' Wright shared.
'I was told to contact my bank. In the end, I was refunded by the bank, but only after I had spent four hours on the phone and had my card replaced digitally. To say I am unhappy is a huge understatement.'
Another victim who did not want to be named had a similar experience after booking a hotel in Cardiff. She received a similar email which she assumed was from Booking.com
'I only avoided losing hundreds of pounds because I became suspicious at the last moment before entering my card details and contacted the hotel directly,' the customer shared.
'The hotel did not seem surprised and asked if I had received a scam email. The only way that these scammers could have this info is through a breach at Booking.com, or the partner hotel’s interface, since it has all the booking details as well as previous email exchanges with the hotel in question.'
'This must be something that Booking.com is aware of but is keeping quiet. Don’t they have a duty to warn customers if they have been hacked?'
Hoteliers also shared the same problem with the platform, saying: 'Booking.com claims that someone got our login credentials, but that is not possible because we have two-factor authentication and we did not get any SMS.'
'So someone logged in to our account on a new computer, but we didn’t receive the SMS code nor the email “Booking.com—new sign-in to your account”,' Booking.com’s partner hotel, Hotel de Colegio, complained.
These aren’t the latest problems to hit the website. Just recently, it was accused of leaving many hoteliers and other partners across the globe unpaid for months on end and blamed the mishap on a 'technical issue'.
Booking.com issued a statement reassuring its platform was safe and trustworthy for partners and that customers are its 'top priority'.
'Some of our accommodation partners have, unfortunately, been targeted by very convincing and sophisticated phishing tactics, encouraging them to click on links, or download attachments outside of our system, that enable malware to load on their machines and, in some cases, led to unauthorised access to their Booking.com account.'
'These fraudsters then attempt to impersonate the partner to request payment from customers outside of the policy in their booking confirmation.’
'While neither Booking.com’s backend systems nor infrastructure have been breached in any way, we are acutely aware of the implications of such scams by malicious third parties to our business, our accommodation partners and to our customers, who can fall victim to professional scammers.’
It continued: 'If a customer has any concerns about a payment message, we encourage them to check the payment policy of the accommodation, which is easy to find on the property listing page or contact our customer service team, which is available around the clock.’
'We will also be reaching out to the customers in these cases directly to ensure they are fully supported.'
In similar news, one savvy traveller who was just a click away from falling prey to a scam was able to avoid such a mishap.
The unsuspecting traveller was innocently arranging a European on Booking.com when things took an eerie turn when they received a message through the platform's official messaging system asking them to re-enter their credit card details due to a supposed issue with the previous transaction.
It seemed authentic because it came through an 'official' messaging system.
'They almost had me due to it being done through the official messaging system,' the traveller revealed.
You can read more about this trickery here.
Members, do you also book your travel necessities through Booking.com? Have you ever received a similar email in other websites? Share them with us in the comments below!
The latest ruse specifically targets customers of the online booking and travel platform, Booking.com. According to reports, these tricks utilise a concerning 'confirmation' email intended to scam recipients into revealing their bank details.
This alarming revelation shows how important it is for users to maintain a heightened vigilance, particularly with personal information while booking their travel flights and accommodations online.
In the past few weeks, several customers of the site have voiced complaints regarding such fraudulent emails.
These customers, many of whom have just checked into their hotel or are preparing to, have received an unnerving email seemingly from Booking.com.
Customers of Booking.com reportedly received emails asking them to confirm their bank details. Image source: Booking.com.
Alarmingly, this email—sent from [email protected]—threatened the cancellation of the customers’ stay unless they confirmed their bank card details through an embedded link.
Notifications through the app have also appeared on users' mobile phones.
Without a swift response within a set timeframe—time reportedly varied between four to 12 hours, depending on the email—the reservation would purportedly be cancelled.
Booking.com has resolutely refuted any breach of its own systems, blaming these fraudulent messages on intrusions within its partner hotels' email systems. Yet implicated hotels deny any breaches on their end.
One such customer named Julia Berridge, who stayed in a hotel in Marseille earlier this month for two nights for €349 ($586 AUD), complied with the instructions within the purported Booking.com email. Berridge did not lose any money but was forced her to cancel her card to prevent potential misuse of her bank details.
The email, which reportedly was sent from a standard Booking.com email address, had all the details of her reservation. The fact that a notification appeared on the mobile phone application made the whole scam more convincing.
Another victim of this scam was Kate Wright, who works in the field of digital commerce. After responding to a similar fraudulent email, she discovered she had been charged twice for her stay.
The feeling of disbelief grew when Booking.com call centre staff insisted that such a scam was 'simply impossible'. However, her dispute saw light when the hotel acknowledged a breach in the system and urged her to talk to her bank.
'I was made to feel like I was being hysterical—the call centre refused to believe that scammers had sent out an email using the Booking.com system. But, after two days, I eventually received a message from the hotel, again via Booking.com, saying that the system had been breached, that it knew about it, but was not telling their customers,' Wright shared.
'I was told to contact my bank. In the end, I was refunded by the bank, but only after I had spent four hours on the phone and had my card replaced digitally. To say I am unhappy is a huge understatement.'
Another victim who did not want to be named had a similar experience after booking a hotel in Cardiff. She received a similar email which she assumed was from Booking.com
'I only avoided losing hundreds of pounds because I became suspicious at the last moment before entering my card details and contacted the hotel directly,' the customer shared.
'The hotel did not seem surprised and asked if I had received a scam email. The only way that these scammers could have this info is through a breach at Booking.com, or the partner hotel’s interface, since it has all the booking details as well as previous email exchanges with the hotel in question.'
'This must be something that Booking.com is aware of but is keeping quiet. Don’t they have a duty to warn customers if they have been hacked?'
Hoteliers also shared the same problem with the platform, saying: 'Booking.com claims that someone got our login credentials, but that is not possible because we have two-factor authentication and we did not get any SMS.'
'So someone logged in to our account on a new computer, but we didn’t receive the SMS code nor the email “Booking.com—new sign-in to your account”,' Booking.com’s partner hotel, Hotel de Colegio, complained.
These aren’t the latest problems to hit the website. Just recently, it was accused of leaving many hoteliers and other partners across the globe unpaid for months on end and blamed the mishap on a 'technical issue'.
Booking.com issued a statement reassuring its platform was safe and trustworthy for partners and that customers are its 'top priority'.
'Some of our accommodation partners have, unfortunately, been targeted by very convincing and sophisticated phishing tactics, encouraging them to click on links, or download attachments outside of our system, that enable malware to load on their machines and, in some cases, led to unauthorised access to their Booking.com account.'
'These fraudsters then attempt to impersonate the partner to request payment from customers outside of the policy in their booking confirmation.’
'While neither Booking.com’s backend systems nor infrastructure have been breached in any way, we are acutely aware of the implications of such scams by malicious third parties to our business, our accommodation partners and to our customers, who can fall victim to professional scammers.’
It continued: 'If a customer has any concerns about a payment message, we encourage them to check the payment policy of the accommodation, which is easy to find on the property listing page or contact our customer service team, which is available around the clock.’
'We will also be reaching out to the customers in these cases directly to ensure they are fully supported.'
In similar news, one savvy traveller who was just a click away from falling prey to a scam was able to avoid such a mishap.
The unsuspecting traveller was innocently arranging a European on Booking.com when things took an eerie turn when they received a message through the platform's official messaging system asking them to re-enter their credit card details due to a supposed issue with the previous transaction.
It seemed authentic because it came through an 'official' messaging system.
'They almost had me due to it being done through the official messaging system,' the traveller revealed.
You can read more about this trickery here.
.png){kind=icon}
