Surge in Scams Targeting Booking.com Users Through Compromised Accounts Triggers Alarms
With the demand for hotel bookings and international air travel recovering in the post-pandemic era, a lot of money is expected to trickle into the tourism industry, and this was bound to grab unwanted attention from scammers. In recent months, an alarming surge in scams targeting Booking.com users has prompted a wave of concern among travelers and authorities alike. The sophistication of these scams, coupled with their prevalence, has raised red flags for individuals like business consultant Sue Brown, who fell victim to a cunning phishing scheme.
Just days before her scheduled family holiday to Hawaii in October, Brown received an email allegedly from the Shoreline Hotel, where she had made reservations through Booking.com. The message requested verification of payment details, threatening cancellation of her booking if not provided immediately.
"It said my room booking was going to be canceled. The link provided looked like the genuine Booking.com site I’d used many times before to make payments," said Brown.
Trusting the familiar interface of the platform, Brown followed the link and unknowingly divulged her credit card information. It wasn't until a conversation with her sister, who had received a similar suspicious email. "I realized then I’d been scammed, and I felt like an idiot as it had never happened to me before," she said.
They even have people pretending to be https://t.co/DoXi105nxo trying to scam us.
— Shay (@shay_jayyy) February 26, 2024
Intruders had gained access to the hotel's email system, leveraging it to target unsuspecting guests like herself. Despite her quick actions to freeze her credit card and alert the hotel and Booking.com, Brown remains anxious, as she awaits further communication from the platform.
Unfortunately, she is not the only one facing this ordeal as several Booking.com users are revealing similar stories of falling victim to phishing scams via compromised host accounts on the platform.
Booking. com denies security breach after phishing scam attempt made on its website. Read more:https://t.co/HwUlC8WeF2
— TheJournal.ie (@thejournal_ie) March 1, 2024
According to data from the Australian Competition and Consumer Commission's (ACCC) Scamwatch program, such scams witnessed a staggering sevenfold increase last year, with losses exceeding $337,000.
Booking.com has vehemently denied any breach of its platform, attributing the incidents to scammers targeting accommodation partners. These perpetrators employ phishing tactics to infiltrate hosts' systems, subsequently impersonating them to deceive future guests into sharing sensitive financial information.
"Some of our accommodation providers have been targeted by very convincing and sophisticated phishing tactics. We have also been continuously updating and expanding the cybersecurity section of our partner hub to include even more information on malware and phishing," the company told The Guardian.
Despite the platform's assurances of proactive measures to safeguard users, including enhanced security protocols and alerts, the onus remains on customers to exercise caution. The ACCC has issued a stern warning to Booking.com users, advising them to adopt stringent verification practices when handling suspicious communications.
This includes independent verification of emails containing links or attachments, confirming booking details via trusted channels, and utilizing their official app for secure account management.
"We understand the importance of keeping the data we are entrusted with secure. That’s why we continue to make significant investments to limit the impact and have put new measures and alerts in place to update and protect our customers, as well as our accommodation partners," said the company's spokesperson.
