Select Page

Booking.com scam targets users with emails and messages asking for payment details

Hackers have targeted Booking.com and its customers again. Their primary goal is to steal hundreds of thousands of pounds. Scammers send hundreds of personalized messages with full names, addresses, references and other booking details are seen legitimate enough, so customers believed this is real and important.

Scam emails included the information about a security breach and asked to change their passwords on the booking website. The letter included a link that leads to a compromised website. Although booking.com spokesperson sent the following email to address the issue – the company wasn’t affected by any data breach:

“Security and the protection of our partner and customer data is a top priority at Booking.com. Not only do we handle all personal data in line with the highest technical standards, but we are continuously innovating our processes and systems to ensure robust security on our platform. In this case, there has been no compromise on Booking.com systems.”

The company said that there was no compromise on the system and all customers affected by those phishing messages were contacted and ensured that this was a scam.

“A small number of properties have been targeted by phishing emails sent by cyber criminals and by clicking on those emails, the properties compromised their accounts. All potentially impacted guests have been notified and because we value our customers at Booking.com, we are supporting impacted guests to compensate for any losses incurred, and reclaim these from the property. If customers have any questions regarding their reservation or to report losses, they can contact our customer service team.”

All of this was made by using WhatsApp and text messages. Criminals sent out information that customers need to change their passwords because of the security issue. The attack looks legitimate because of the specific information and a provided link. This message was followed up later by another one, claiming that now they need customers’ banking information.

It’s not the first time for Booking.com users to be targeted by the scammers

Back in 2014, Booking.com had another similar situation when scammers tricked people into paying. As the company said, the criminals hacked not more than eight hotels. Luckily for the victims of the scam, they received refunds from the travel agent. However, it was a financial loss for the company.

Representatives also reported that the company wasn’t hacked. Attackers probably managed to get access to hotels’ portals and get access to customer’s information. Therefore, criminals were able to send personalized emails and trick victims into paying the money.

So, this was not the first time when hackers striked at travel industry. However, these attacks with customer financial data-stealing might not end, but you need to be aware and do not rush revealing personal information on any website.

Ways of preventing this scam

Online hoaxes like “Microsoft Warning Alert” and other tech support scams can be quite easily recognized – Microsoft does not warn about detected viruses in pop-ups and does not provide phone support. However, email scams are harder to recognize and avoid. Usually, they include personal, so it’s not easy to suspect that something is not wrong.

But there’s no need to ditch Booking.com or other convenient services that help to plan your vacations in order not be sure that received letters from this company is not legit. You can use them and still avoid suffering from cyber criminals. All you need to is to be careful and attentively read received emails, messages on communication apps or social networks.

If you receive an email asking to change your password, open a new browser’s tab and access the website directly. Log in and check if you received any message or notification there stating the same. Though, setting a new and strong password doesn’t hurt anyone.

If you clicked on a link and ended up on the website that asks to enter your credit card information and other personal details, do not rush to do it. Make sure that you are actually on the official website. Do not enter your financial data if it is something you are not sure about.

Additionally, do not fall for deals and offers that look too good to be true. Because it rarely is true. If you receive an email or notice an advertisement for very cheap hotels or flights, be careful. They might redirect to a phishing site that is used for stealing your personal information and money.