Booking.com scam / hack - anyone else?
Discussion
Last night I made a booking for a couple of nights at a serviced apartment in the UK via booking.com. Provided payment card details as usual. Free cancellation until 2 weeks prior to the stay. All pretty normal.
This morning I received a message from the accommodation asking me to click a link to complete an online check-in, send them a copy of photo id and to make payment via bank transfer - bank details provided. This contact came via booking.com and I can view it through their app & website.
This seemed fishy - I've used booking.com many times and never made payment outside the system. The booking confirmation actually states payment will be taken from the provided card.
I phoned booking.com's customer service who were pretty useless - I'm not even sure they understood my concern but said they would email the accommodation.
While I was on the phone to them I had another incoming call from a Hong Kong number which I ignored. Googled the number and it has multiple reports of being used for booking.com scams. See link.
https://who-called.co.uk/Number/85230775529
I have no contact details for the property except via booking.com (nothing on google) but if their email has been compromised I'm loathe to do that. Their email contact is a mobile number.
So I have a couple of options.
I could just ignore the messages and let payment come off my card as usual.
I could contact the property via booking.com details and try to resolve hoping that I am actually speaking with the actual property.
I could just cancel the booking for free and book somewhere else.
I certainly won't be making a bank transfer.
Just wanted to check if anyone else has experienced anything similar with booking.com and if so what was the end result. It definitely smacks of a scam to me and that someone's email and/or their login to booking.com has been compromised.
I have additionally emailed booking.com customer service in the hope that they may confirm the legitimacy of the communication but not holding my breath on a response.
This morning I received a message from the accommodation asking me to click a link to complete an online check-in, send them a copy of photo id and to make payment via bank transfer - bank details provided. This contact came via booking.com and I can view it through their app & website.
This seemed fishy - I've used booking.com many times and never made payment outside the system. The booking confirmation actually states payment will be taken from the provided card.
I phoned booking.com's customer service who were pretty useless - I'm not even sure they understood my concern but said they would email the accommodation.
While I was on the phone to them I had another incoming call from a Hong Kong number which I ignored. Googled the number and it has multiple reports of being used for booking.com scams. See link.
https://who-called.co.uk/Number/85230775529
I have no contact details for the property except via booking.com (nothing on google) but if their email has been compromised I'm loathe to do that. Their email contact is a mobile number.
So I have a couple of options.
I could just ignore the messages and let payment come off my card as usual.
I could contact the property via booking.com details and try to resolve hoping that I am actually speaking with the actual property.
I could just cancel the booking for free and book somewhere else.
I certainly won't be making a bank transfer.
Just wanted to check if anyone else has experienced anything similar with booking.com and if so what was the end result. It definitely smacks of a scam to me and that someone's email and/or their login to booking.com has been compromised.
I have additionally emailed booking.com customer service in the hope that they may confirm the legitimacy of the communication but not holding my breath on a response.
redrabbit29 said:
I get around 10 emails per week from them asking me to confirm I am trying to sign in. I think they're being targeted quite heavily
I have changed my password and set up 2FA via an authenicator app just on the off chance that it was my account that was compromised but I don't believe it is. You're not alone .. https://www.theguardian.com/money/2023/oct/23/book...
And their stance ..
And their stance ..
article said:
“Some of our accommodation partners have, unfortunately, been targeted by very convincing and sophisticated phishing tactics, encouraging them to click on links, or download attachments outside of our system, that enable malware to load on their machines and, in some cases, led to unauthorised access to their Booking.com account,” it says.
“These fraudsters then attempt to impersonate the partner to request payment from customers outside of the policy in their booking confirmation.
“While neither Booking.com’s backend systems, nor infrastructure, have been breached in any way, we are acutely aware of the implications of such scams by malicious third parties to our business, our accommodation partners and to our customers, who can fall victim to professional scammers."
“These fraudsters then attempt to impersonate the partner to request payment from customers outside of the policy in their booking confirmation.
“While neither Booking.com’s backend systems, nor infrastructure, have been breached in any way, we are acutely aware of the implications of such scams by malicious third parties to our business, our accommodation partners and to our customers, who can fall victim to professional scammers."
As above, lots of ongoing issues with Booking.com and the hotel's being targeted to then target people via booking.com
https://grahamcluley.com/fraudsters-target-booking...
https://grahamcluley.com/fraudsters-target-booking...
bigandclever said:
You're not alone .. https://www.theguardian.com/money/2023/oct/23/book...
And their stance ..
Good to know. This would be simple to resolve if it was a hotel - I could just ring directly. But its a serviced apartment and the only contact details are from booking.com - a mobile number. I think I'll bite the bullet and give it a call.And their stance ..
article said:
“Some of our accommodation partners have, unfortunately, been targeted by very convincing and sophisticated phishing tactics, encouraging them to click on links, or download attachments outside of our system, that enable malware to load on their machines and, in some cases, led to unauthorised access to their Booking.com account,” it says.
“These fraudsters then attempt to impersonate the partner to request payment from customers outside of the policy in their booking confirmation.
“While neither Booking.com’s backend systems, nor infrastructure, have been breached in any way, we are acutely aware of the implications of such scams by malicious third parties to our business, our accommodation partners and to our customers, who can fall victim to professional scammers."
“These fraudsters then attempt to impersonate the partner to request payment from customers outside of the policy in their booking confirmation.
“While neither Booking.com’s backend systems, nor infrastructure, have been breached in any way, we are acutely aware of the implications of such scams by malicious third parties to our business, our accommodation partners and to our customers, who can fall victim to professional scammers."
Time4another said:
Have made bookings on Booking.com for proerties that required paying a deposit through a 3rd party. Was all straight forward but do agree it does feel open to abuse.
I recently had this and it initially felt very scammy - an email from a third party (outside of the booking.com network) asking for me to input card details for a £400 deposit......I asked them to email me via booking.com making the same request to 'verify' it was legit, which they did, so I paid it (in March) and don't appear to have been scammed
i4got said:
redrabbit29 said:
I get around 10 emails per week from them asking me to confirm I am trying to sign in. I think they're being targeted quite heavily
I have changed my password and set up 2FA via an authenicator app just on the off chance that it was my account that was compromised but I don't believe it is. This is one of those tricky ones where it could be a scam - or equally be fine.
On the "It's fine" side you have the fact a lot of the online booking sites take a significant cut of all funds transacted on their platform (then take zero responsibility if either guest of host is a dick). As a result increasing numbers of small operators either charge different prices on different platforms (basically pricing differently on booking.com vs AirB&B vs Vrbo so they get the same amount of money regardless who you book through) or not doing the payment on the platform so just paying the 'finders fee' not the additional % cut of payments - and if it's just an individual with 1 or 2 properties they won;t have a full credit card merchant account so bank transfers are the simplest payment option.
On the "It's a scan" side there's very little to stop me visiting one of these sites, harvesting the photos of a property and posting it on another site as 'my' property. Clearly if you book 'my' property the actual owner's not going to let you in and when you complain to booking.com, etc they will kick me off/claim the money back if I've gone through their systems. If I've gone around their systems and asked you to pay via bank transfer on the other hand, well I've got your money and you have little chance of seeing it again.
There's a few things you can do.
1. Hunt around other booking agents to see if you can find the same property. For a start you might find it cheaper but you can also check if it's still available on other sites (red flag) and contact the host (green flag if the same person/red flag if someone different who's never heard of you).
2. Ask the host for a telephone number and make direct contact. Most hosts will want to reassure you so be happy but if they won't that's a red-ish flag and if the contact number's in somewhere 'unexpected' that's another red flag.
3. Make sure you're paying on a credit card so you have someone else to try and claim off of it things do go wrong.
On the "It's fine" side you have the fact a lot of the online booking sites take a significant cut of all funds transacted on their platform (then take zero responsibility if either guest of host is a dick). As a result increasing numbers of small operators either charge different prices on different platforms (basically pricing differently on booking.com vs AirB&B vs Vrbo so they get the same amount of money regardless who you book through) or not doing the payment on the platform so just paying the 'finders fee' not the additional % cut of payments - and if it's just an individual with 1 or 2 properties they won;t have a full credit card merchant account so bank transfers are the simplest payment option.
On the "It's a scan" side there's very little to stop me visiting one of these sites, harvesting the photos of a property and posting it on another site as 'my' property. Clearly if you book 'my' property the actual owner's not going to let you in and when you complain to booking.com, etc they will kick me off/claim the money back if I've gone through their systems. If I've gone around their systems and asked you to pay via bank transfer on the other hand, well I've got your money and you have little chance of seeing it again.
There's a few things you can do.
1. Hunt around other booking agents to see if you can find the same property. For a start you might find it cheaper but you can also check if it's still available on other sites (red flag) and contact the host (green flag if the same person/red flag if someone different who's never heard of you).
2. Ask the host for a telephone number and make direct contact. Most hosts will want to reassure you so be happy but if they won't that's a red-ish flag and if the contact number's in somewhere 'unexpected' that's another red flag.
3. Make sure you're paying on a credit card so you have someone else to try and claim off of it things do go wrong.
Gassing Station | Holidays & Travel | Top of Page | What's New | My Stuff