Beware of Fake Payment Requests on Booking.com: What Consumers and Business Owners Need to Know

Action Fraud is warning Booking.com users of a wave of fraud targeting travelers and holidaymakers. The alert follows a series of reports to the UK consumer protection agency, which documented 532 cases of individuals falling victim to fraudulent payment requests between June 2023 and September 2024.

 The scams have cost the victims a combined £370,000, highlighting the urgent need for vigilance among Booking.com platform users.

How the Scam Works

Fraudulent activity begins when criminals take over a hotel’s Booking.com account, likely through a targeted phishing attack against the hotel or accommodation provider. Using the compromised account, they message people who have reservations at the hotel, requesting payment or credit card details under the guise of confirming or completing their booking.

These communications are designed to look legitimate, and often generate a sense of urgency to pressure victims into acting quickly.

Adam Mercer, Deputy Head of Action Fraud, stated:

“If you receive an unexpected request from a hotel’s account you booked with using Booking.com, asking for bank details or credit card details, it could be a fraudster trying to trick you into parting ways with your money. Contact Booking.com or the organization directly if you’re unsure.”

Stay Safe While Booking: Tips for Consumers

While this scam primarily affects customers whose Booking.com accounts have been compromised, the incident underscores the importance of vigilance in online transactions. Fraudsters are becoming increasingly sophisticated, using trusted platforms to claim victims. Here are some proactive steps to protect yourself when booking accommodations online:

1.      Use Scam Detection Tools

• Use tools like Bitdefender Scamio to detect fraudulent websites and phishing attempts in real time.  Scamio is available on WhatsApp, Facebook Messenger, web browser or Discord for free!  Don't forget to help others stay safe by sharing the localized versions of Scamio in France, Germany, Spain, Italy, Romania, Australia, and the UK.
• Use Bitdefender Link Checker for free to verify the safety of links before clicking on them.
1. Be Wary of Suspicious Requests: Legitimate Booking.com transactions won’t require you to provide sensitive information such as credit card details, via email, phone, or text message (including WhatsApp).
2. Verify Payment Requests: Always cross-check payment details against the original booking confirmation. If you’re unsure, reach out to Booking.com through their official channels.
3. Avoid Clicking Unknown Links: Treat messages with links, downloads, or attachments with caution. Use tools like Bitdefender Link Checker to ensure links are safe.
4. Report Fraudulent Communications: If you suspect you’ve received a fraudulent request, do not engage with the sender or provide any information. Instead:

• Contact Booking.com through their official website or app to verify the request.
• Report the incident to Action Fraud in the UK or your local cybercrime authority.

Protecting Small Business Owners on Booking.com

For small business owners who use Booking.com to rent properties or rooms, a scam targeting your account could be devastating. Not only could it inflict financial losses on your business, but it can also harm your reputation and the trust of your customers.

Here are some key steps you can take to safeguard your business, customers, and reputation:

1. Strengthen Your Account Security

• Use strong, unique passwords for your Booking.com account. Avoid reusing passwords across platforms and enable 2FA for extra security.
• Regularly update your password, especially after staff changes or if you suspect any unusual activity.

2. Stay Vigilant Against Phishing

• Train your team to recognize phishing attempts, which may come in the form of emails, calls, or texts purportedly from Booking.com.
• Verify any communications by contacting Booking.com directly through their official website or app, especially if the request involves sharing sensitive information.

3. Monitor Account Activity

• Regularly check your Booking.com account for any unauthorized changes to your listings, such as updated contact details or payment methods.
• Review all messages sent to your customers via the platform to ensure they are legitimate.

4. Communicate With Your Customers

• Inform customers during the booking process that you will never request payment details or other sensitive information outside the Booking.com platform.
• Advise customers to contact you directly through Booking.com if they receive any suspicious messages.

5. Invest in Comprehensive Cybersecurity Solutions

Equip your business with robust cybersecurity like Bitdefender Ultimate Small Business Security which provides comprehensive features such as:

• Email Protection: Automatically blocks phishing emails, fake invoices, and malicious links to keep you and your team safe.
• Scam Detection: Our AI-powered Scam Copilot helps you spot scams and trains your staff to improve their cybersecurity skills.
• Password Management: Helps you create strong passwords and stores them securely.
• Secured Remote Work: A VPN protects employees on public Wi-Fi and ensures secure communication.
• Device Protection: Shields all devices from malware, ransomware, and spyware in real-time.
•  Digital Identity Monitoring: Alerts you about data leaks, unauthorized use of your business name, and breaches, including on the dark web.

6. Report Issues Immediately

• If you suspect your account has been compromised, contact Booking.com immediately to secure your account and prevent further misuse.
• Report any fraudulent activity to local authorities and share information with affected customers.