Travel trap: Beware of Booking.com scammers
Last updated on November 26th, 2024
Booking travel and accommodation has never been easier thanks to the internet but, as those who have fallen victim to Booking.com scams have found, the modern convenience is not without its traps.
In the year ending December 2023, Australians lost more than $337,000 to scammers impersonating some of the online travel agency’s accommodation partners.
There were 363 reports to the Australian Competition & Consumer Commission’s Scamwatch mentioning Booking.com, a jump of almost 600 percent on the previous year’s total of 53.
So, how are scammers getting your money, and what can you do about it?
Understanding Booking.com scams
Travellers have reported receiving emails or text messages that appear to be from their hotel or Booking.com. These messages claim there is an issue with the recipient’s reservation and threaten cancellation if payment details aren’t confirmed immediately. The scammers cleverly use Booking.com's logo, colours and even the official email address to trick people into thinking they're legitimate.
This tactic ensnared Robyn, who unknowingly entered her credit card information on a fake Booking.com website after clicking a link in a fraudulent message. The fraudsters used the stolen data to book additional accommodation, totalling a whopping $25,000 in unauthorised charges. Luckily, Robyn's bank will reimburse the stolen funds.
Booking.com confirmed its system wasn't compromised. Instead, the attack targeted the hotel's internal booking system. It is believed malware was installed on the hotel's computers, allowing scammers to steal its login credentials for Booking.com.
Queensland University of Technology Professor Cassandra Cross told the ABC that while platforms like Booking.com and Airbnb use algorithms to try to identify fraudulent posts, they are often defeated by the sheer volume.
"There is nothing to stop an offender creating listings or copying listings onto other sites, and that is what makes this a difficult and challenging scam sometimes to identify", she said.
Identifying phishing attempts
Phishing remains one of the most common scam tactics, costing Australians tens of millions each year, especially those with limited cybersecurity awareness. Here are tell-tale signs of phishing attempts:
Urgency and threats to create a sense of panic
Scammers exploit your fear of something going wrong, which pressures you into acting immediately. In Booking.com scams, for example, they might claim your reservation will be cancelled unless you "confirm" your payment details within a ridiculously short timeframe – like the 12 hours a New Zealand traveller was given.
Suspicious links embedded within scam texts or emails
For example, if the website name is Booking.com, a fake link might show Booking-com.com. Booking com scams are also common – a website or email missing a fullstop you can so easily read past.
Generic greetings
A message starting with something like "Dear Customer" instead of your registered name is also a sign of potential fraud. Most businesses will address correspondence to the account holder.
Poor grammar and spelling errors
Legitimate companies typically prioritise professional communication, avoiding typos and grammatical mistakes in emails or messages. This includes misuse of the company name, such as Booking com or Booking-com.com - things that are easy to miss on a quick scan.
Requests for sensitive details
Be very wary of any request for sensitive information, such as credit card numbers or bank details, through email, text or message.
While Booking.com claims it works behind the scenes to combat fraud, some users are concerned by the lack of transparency. Travellers have expressed disappointment at the absence of clear public announcements regarding recent scams targeting the platform. This silence can leave users feeling vulnerable and uninformed. It is important to do as much as you can to protect yourself from Booking.com scams.
What can you do if you’ve been scammed?
If you believe you’ve been the victim of a Booking.com scam, the first thing you should do is contact your bank. Report any fraudulent transactions associated with your compromised account. They may be able to block further charges and potentially recover stolen funds.
Next, update your Booking.com password and any other accounts that might have used the same login credentials. Consider using a password manager to create strong, unique passwords for each online service to prevent future Booking.com scams.
Then, inform Booking.com about the scam attempt. The platform can investigate the incident and may be able to take action against the perpetrators. You can report the scam through Booking.com's Help Center or by contacting customer support.
You can also report to the authorities via Scamwatch or the Australian Cyber Security Centre (ACSC) portal.
Let us help you handle it
In our busy lives, we often quickly check things on our phones and dash off emails or replies, so it’s easy to misread something and take a phishing expedition for a genuine request for payment from an authorised provider.
If you’ve been affected and aren’t getting the refund you believe you’re entitled to, lodge a complaint with us and help you handle it.