Scammers have fleeced at least 532 travellers out of £370,000 after hacking their way into hotel accounts – customers then receive emails from a fake account operated by a crime gang
Booking.com fraudsters are leaving Brits facing holiday hell, police have warned. Scammers have fleeced at least 532 travellers out of £370,000 after hacking their way into hotel accounts.
They then send out emails to customers with reservations purporting to be from online travel agent Booking.com asking for payment and credit card details. But it is a bogus account operated by scammers, police say.
Victims have lost money, handed over their cash card details and may miss out on legitimate holidays they mistakenly believe they have paid for.
Police say Booking.com’s account has not been breached. Instead criminals unleashed an online phishing attack on hotel and accommodation providers who accept bookings via the travel agent.
Victims then received unexpected messages and emails from a fake Booking.comaccount linked to hotels they had reservations with but operated by a crime gang.
The Booking.conmen then sent in-app messages, emails and WhatsApp posts tricking customers into surrendering cash and private banking details.
A spokesman for Booking.com said: “We would never ask a customer to share payment information via email, chat or WhatsApp messages, texts or over the phone.
“But phishing attacks by criminal organisations are increasingly sophisticated and fraudsters often impersonate people and brands to scam them.
“We continue to make significant investments to limit the impact of scams, using the latest technology and innovations.
“We are also committed to proactively helping our accommodation partners and customers to stay protected.
“A lot of this is via education, informing our partners of the types of scams we are seeing – through regular and as-needed communications, face-to-face workshops, and a dedicated cyber-security advice hub – while arming our customers with practical advice that they can apply as they search for their holiday.
“If a customer ever has any concerns about a payment message they should carefully check the payment policy details outlined in their booking confirmation.
“Customers can also report any suspicious messages to us via our customer service team, or by clicking on ‘report an issue’, which is included in the chat function, where we also have guidance for customers on how to avoid suspicious activity. We also provide online safety tips for customers via our website, customers’ personal Booking.com accounts and our booking confirmation emails.”
Adam Mercer, deputy head of Action Fraud, said: “Those who have booked a holiday on the Booking.com platform should stay alert to any unexpected emails or messages from a hotel using the Booking.com platform as their account could have been taken over by a criminal.
“If you receive an unexpected request from a hotel’s account you booked with using Booking.com asking for bank details or credit card details it could be a fraudster trying to trick you into parting ways with your money.
“Contact Booking.com or the organisation directly if you’re unsure.’’
Police said no legitimate Booking.com transaction would ever ask a customer to provide their credit card details by phone, email, text or WhatsApp message.
“Sometimes a hotel provider will manage their own payment and may reach out to request payment information like credit card details,’’ an Action Fraud spokesman said.
“Before providing any information always verify the authenticity of communication between yourself and the hotel’s account.”
They added: “Don’t use the numbers or address in the suspicious message and use the details from their official website.’’
Police urged victims to log suspicious emails at report@phishing.gov.uk or texts to 7726 and contact Action Fraud at or by calling 0300 123 2040.