Increasing number of Booking.com customers fall prey to the 'confirmation' email scam—Are you one of them?
- Replies 0
Disclaimer: The names with asterisk (*) have been changed to protect the privacy of the person in this story.
It was recently revealed that Booking.com's email system has been compromised and its customers’ credit card details were exposed.
But it has also come to light that the company has been sending emails to certain users, warning them to cancel their cards.
Meanwhile, more customers have stepped forward to share their similar experiences with the scam.
The affected customers had either checked into or were due to check into, a hotel they had booked through Booking.com's website or app.
They received an email from the official [email protected] address, warning that their stay might have to be cancelled—unless they provided their bank card details via an embedded link.
Booking.com had previously denied any system breach when the initial report was published and attributed the suspicious messages to breaches in the email systems of partner hotels.
However, recent developments suggested a more complex scenario.
This week, it was revealed that Booking.com has sent email warnings to its customers that their card details may have been compromised. The company stated this was due to 'potentially suspicious activity' on a specific accommodation provider's account.
One customer, IA*, whose name has been hidden to protect their privacy, was contacted by the company despite not having made a reservation since June.
The email IA* received read: 'We recently noticed some suspicious activity from an unknown external device attempting to access certain Booking.com systems, using property logins which may have unfortunately led to unauthorised third parties being able to access your reservation details, including payment card data.'
Booking.com has acknowledged that some of their ‘accommodation providers have been targeted by very convincing and sophisticated phishing tactics' which 'enables the fraudsters to impersonate the accommodation and communicate with guests via email or messages'.
Due to this, the company has been continuously updating and expanding the cybersecurity section of its partner hub to include even more information on malware and phishing.
In light of these events, the advice is clear: be extremely wary of any emails or contact that appear to come from Booking.com or its partner hotels.
Do not follow any account verification links sent out, and phone the hotel directly if asked for an additional payment.
A traveller who was nearly a victim of this scam and shared their experience to warn others. You can read the full story here.
Understanding Phishing Scams and How to Protect Yourself
Phishing scams are fraudulent attempts to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication. In this case, the scammers are impersonating Booking.com and its partner hotels.
Here are some tips to protect yourself from phishing scams:
1. Be suspicious of unsolicited communications: Phishing scams often start with unexpected or unsolicited emails, text messages, or phone calls claiming to be from a legitimate organisation.
2. Don't click on links or download attachments from unknown sources: These could lead to malicious websites or contain malware.
3. Verify the sender's identity: If you receive a suspicious email or message, contact the organisation using a known and trusted phone number or website.
4. Keep your devices and software up to date: Regularly updating your devices and software can help protect against the latest threats.
5. Use strong, unique passwords: Using a different password for each online account can help prevent one compromised account from leading to others.
6. Enable two-factor authentication: This adds an extra layer of security to your online accounts by requiring two types of identification before you can log in.
Remember, it's always better to be safe than sorry. If you suspect a phishing scam has targeted you, report it to your local law enforcement agency and the organisation that was impersonated.
You can also report it to Scamwatch here: https://portal.scamwatch.gov.au/report-a-scam/
Have you ever encountered a similar situation, members? Share your experiences and tips in the comments below.
It was recently revealed that Booking.com's email system has been compromised and its customers’ credit card details were exposed.
But it has also come to light that the company has been sending emails to certain users, warning them to cancel their cards.
Meanwhile, more customers have stepped forward to share their similar experiences with the scam.
The affected customers had either checked into or were due to check into, a hotel they had booked through Booking.com's website or app.
They received an email from the official [email protected] address, warning that their stay might have to be cancelled—unless they provided their bank card details via an embedded link.
A customer has shared a confirmation email that they received, which they believed was from Booking.com. Credit: Facebook
Booking.com had previously denied any system breach when the initial report was published and attributed the suspicious messages to breaches in the email systems of partner hotels.
However, recent developments suggested a more complex scenario.
This week, it was revealed that Booking.com has sent email warnings to its customers that their card details may have been compromised. The company stated this was due to 'potentially suspicious activity' on a specific accommodation provider's account.
One customer, IA*, whose name has been hidden to protect their privacy, was contacted by the company despite not having made a reservation since June.
The email IA* received read: 'We recently noticed some suspicious activity from an unknown external device attempting to access certain Booking.com systems, using property logins which may have unfortunately led to unauthorised third parties being able to access your reservation details, including payment card data.'
Booking.com has acknowledged that some of their ‘accommodation providers have been targeted by very convincing and sophisticated phishing tactics' which 'enables the fraudsters to impersonate the accommodation and communicate with guests via email or messages'.
Due to this, the company has been continuously updating and expanding the cybersecurity section of its partner hub to include even more information on malware and phishing.
In light of these events, the advice is clear: be extremely wary of any emails or contact that appear to come from Booking.com or its partner hotels.
Do not follow any account verification links sent out, and phone the hotel directly if asked for an additional payment.
A traveller who was nearly a victim of this scam and shared their experience to warn others. You can read the full story here.
Understanding Phishing Scams and How to Protect Yourself
Phishing scams are fraudulent attempts to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication. In this case, the scammers are impersonating Booking.com and its partner hotels.
Here are some tips to protect yourself from phishing scams:
1. Be suspicious of unsolicited communications: Phishing scams often start with unexpected or unsolicited emails, text messages, or phone calls claiming to be from a legitimate organisation.
2. Don't click on links or download attachments from unknown sources: These could lead to malicious websites or contain malware.
3. Verify the sender's identity: If you receive a suspicious email or message, contact the organisation using a known and trusted phone number or website.
4. Keep your devices and software up to date: Regularly updating your devices and software can help protect against the latest threats.
5. Use strong, unique passwords: Using a different password for each online account can help prevent one compromised account from leading to others.
6. Enable two-factor authentication: This adds an extra layer of security to your online accounts by requiring two types of identification before you can log in.
Remember, it's always better to be safe than sorry. If you suspect a phishing scam has targeted you, report it to your local law enforcement agency and the organisation that was impersonated.
You can also report it to Scamwatch here: https://portal.scamwatch.gov.au/report-a-scam/
Have you ever encountered a similar situation, members? Share your experiences and tips in the comments below.
