Warning for Booking.com Users: Fraudsters Targeting Hotel Accounts

Users of the popular platform Booking.com are being cautioned about potential fraud. Criminals have been taking over hotel accounts on the platform and sending emails or messages to customers, requesting payments or credit card details. Between June 2023 and September 2024, Action Fraud received 532 reports of this type of fraud, resulting in losses totalling £370,000.

How the Fraud Works

According to Action Fraud, the scam begins when criminals gain access to a hotel’s Booking.com account. From there, they send in-app messages, emails, and even WhatsApp messages to customers with existing reservations at the compromised hotel. These fraudulent communications often request payment or sensitive credit card information.

The account takeovers are thought to result from targeted phishing attacks on hotels or accommodation providers, rather than any breach of Booking.com’s backend system or infrastructure.

Statement from Action Fraud

Adam Mercer, Deputy Head of Action Fraud, stated:
“With over 500 reports submitted, anyone who has booked a holiday through Booking.com should be cautious of unexpected emails or messages from a hotel using the platform. If a hotel account has been taken over by a criminal, they may attempt to deceive you into providing your financial details or making payments.

“If you receive an unexpected request for bank or credit card details, it could be a fraud attempt. Always contact Booking.com or the organisation directly if you’re unsure. Suspicious emails should be forwarded to report@phishing.gov.uk, and fraudulent text messages can be sent to 7726.”

Tips to Protect Yourself

Booking.com and Action Fraud recommend the following steps to help protect your account and identify potential fraud:

1. Legitimate Booking.com transactions:
   Booking.com will never ask for your credit card details by phone, email, or text message (including WhatsApp).

2. Verifying payment requests:
   Some hotels may manage their own payments and request details directly. Before sharing information, confirm the authenticity of the communication with the hotel or Booking.com.

3. Beware of urgent payment demands:
   If you receive a message requesting immediate payment due to a cancellation or similar urgency, contact Booking.com Customer Service through the official website or app to verify.

4. Check booking confirmation details:
   Payment requests that don’t match your original booking confirmation should be treated as suspicious and verified with Booking.com Customer Service.

5. Avoid clicking on suspicious links:
   Messages claiming to be from Booking.com that include links or file downloads should be approached with caution.

6. Contact Booking.com directly for verification:
   Use only the contact details available on the official Booking.com website—not the ones provided in a suspicious message.

For additional tips, visit the Safety Tips for Travellers page on the Booking.com website.

What to Do If You’re Targeted

• Report suspicious communications:
  Forward suspicious emails to report@phishing.gov.uk and text messages to 7726.

• Act immediately if scammed:
  If you’ve lost money or shared financial information, contact your bank immediately. Report the fraud to Action Fraud via their website: https://www.actionfraud.police.uk/report-phishing, or by calling 0300 123 2040.
  In Scotland, report fraud by contacting Police Scotland on 101.

For more advice on staying safe from fraud, visit: Stop Think Fraud.