Travelers Beware: The Booking.com Email Scam Unveiled

Imagine yourself meticulously planning your dream vacation, securing the perfect hotel accommodation, only to receive an email from what appears to be Booking.com asking for your credit card details to avoid cancellation of your reservation. This scenario can be quite alarming, isn’t it? Regrettably, this exact predicament has ensnared countless travelers, who have fallen victim to a cunning phishing email scam designed to trick unsuspecting Booking.com users.

“Beware of this rare phishing scam on Booking.com | On Your Side” shared by YouTube channel: KCAL News

Security breach involving booking

Three weeks after Observer Cash shed light on a security breach involving Booking.com’s email system, the situation has escalated. Customers who had used the platform to book their stays received official-looking emails from [email protected], instructing them to provide their bank card details through an embedded link to avoid their reservations being canceled.

The emails, which appeared to be sent from the legitimate Booking.com address, claimed that the customers’ credit card details had been compromised. This led to understandable alarm and confusion among those affected. Booking.com, however, initially denied any system hack, attributing the fraudulent messages to breaches at partner hotels’ email systems.

As the issue unfolded, Booking.com began sending out warnings to its customers about ‘potentially suspicious activity’ on certain accommodation providers’ accounts. Some customers, like reader IA, were contacted despite not having made a reservation since June. The email they received stated, ‘We recently noticed some suspicious activity from an unknown external device attempting to access certain Booking.com systems, using property logins which may have unfortunately led to unauthorized third parties being able to access your reservation details, including payment card data.’

A Tax Form with a Word Scam on its Face — Photo by Leeloo The First on Pexels

Booking.com has acknowledged that some of its accommodation providers fell victim to ‘very convincing and sophisticated phishing tactics.’ These tactics allowed fraudsters to impersonate accommodations and communicate with guests, potentially leading to the theft of sensitive information.

The company has responded by updating and expanding the cybersecurity section of their partner hub, aiming to educate on malware and phishing. But the advice to customers is clear: be wary of any emails or contact that seems to come from Booking.com or its partner hotels. Customers are advised not to follow any account verification links sent out and to contact the hotel directly if asked for an extra payment.

This incident is not isolated in the travel industry. Similar attacks have occurred, such as the one on Orbitz, where hackers may have accessed the personal information of nearly one million payment cards. TripAdvisor also faced a breach where user emails were stolen.

How can travelers protect themselves?

So, how can travelers protect themselves? Here are some tips:

– Only book through reputable companies.

– Use strong passwords with at least 12 characters.

– Look for authentic reviews.

– Ensure the website has a green padlock in the navigation bar when entering financial details.

– Remember, if a deal sounds too good to be true, it probably is.

In the wake of these events, travelers have shared their experiences on forums, warning others of the scam. One user, Anniesantiago, reported receiving a phishing email asking for credit card confirmation. After contacting the property directly, they learned it was a scam. Another user, andycohn, received a phishing email that looked very official, including their exact confirmation number. They became suspicious after receiving multiple identical emails and contacted the hotel to confirm.

Close-Up Shot of Bills — Photo by Tara Winstead on Pexels

Booking.com has stated, ‘Security and the protection of our partner and customer data is a top priority at Booking.com… In this case, there has been no compromise on Booking.com systems.’ They are supporting impacted guests and working with properties to resolve the issue.

As the summer travel season approaches, it’s crucial for travelers to stay vigilant and informed. By taking the right precautions and staying alert to the signs of phishing, you can protect yourself and ensure that your travels are safe and stress-free.