Twitter
Facebook
Instagram
Youtube

Fluid Edge Themes

Insider Tips

How can we be of service? Let us count the ways. We actually mean service – unlike those who have promised it before and didn’t show up when it counted most. Consider these insider tips your key to consumer affairs.
A woman whose credit card has been compromised due to booking.com phishing scam

Travel trap: Beware of Booking.com scammers

Danger Zone
, ,
By

Booking travel and accommodation has never been easier thanks to the internet, but as Booking.com users have found, the modern convenience is not without its traps.

In the year ending December 2023, Australians lost more than $337,000 to scammers impersonating some of the online travel agency’s accommodation partners.

There were 363 reports to the Australian Competition and Consumer Commission’s Scamwatch mentioning Booking.com, a jump of more than 580 percent on the previous year’s total of 53.

So, how are scammers getting your money, and what can you do about it?

Understanding Booking.com scams

Travellers have reported receiving emails or text messages that appear to be from their hotel or Booking.com. These messages claim there is an issue with the recipient’s reservation and threaten cancellation if payment details aren’t confirmed immediately. The scammers cleverly use Booking.com's logo, colours, and even the official email address to trick people into thinking they're legitimate.

 

A man shocked to have fallen victim to the booking.com scam

 

This tactic ensnared Robyn, who unknowingly entered her credit card information on a fake Booking.com website after clicking a link in a fraudulent message. The fraudsters used the stolen data to book additional accommodation, totalling a whopping $25,000 in unauthorised charges. Luckily, Robyn's bank will reimburse the stolen funds.

Booking.com confirmed its system wasn't compromised. Instead, the attack targeted the hotel's internal booking system. It's believed malware was installed on the hotel's computers, allowing scammers to steal its login credentials for Booking.com.

Identifying phishing attempts

Phishing remains one of the most common scam tactics, costing Australians tens of millions each year, especially those with limited cybersecurity awareness. Here are tell-tale signs of phishing attempts:

    • Urgency and threats to create a sense of panic. Scammers exploit your fear of something going wrong, which pressures you into acting immediately. In Booking.com scams, for example, they might claim your reservation will be cancelled unless you "confirm" your payment details within a ridiculously short timeframe – like the 12 hours a New Zealand traveller was given.
    • Suspicious links embedded within scam texts or emails. For example, if the website name is Booking.com, a fake link might show Booking-com.com
    • Generic greetings such as "Dear Customer" instead of your registered name.
    • Poor grammar and spelling errors. Legitimate companies typically prioritise professional communication, avoiding typos and grammatical mistakes in emails or messages.
    • Requests for sensitive details such as credit card information through email, text, or message.

The Booking.com scam is even trickier to spot, with scammers using the platform's messaging system to impersonate hotels. It’s a “very sophisticated” scheme, according to a Sydney-based traveller who also fell victim to this tactic.

How to protect yourself from scams

While Booking.com claims it works behind the scenes to combat fraud, some users are concerned by the lack of transparency. Travellers have expressed disappointment at the absence of clear public announcements regarding recent scams targeting the platform. This silence can leave users feeling vulnerable and uninformed.

Regardless of the company’s communication approach, you can take proactive steps to protect yourself. Here are some practical tips:

    • Don't skim important messages, especially those involving money. Scammers prey on our busy lives and hope we'll rush through emails or messages. Take a moment to carefully read any communication that requests financial information or asks you to click on a link.
    • Look for red flags in emails or messages, such as urgency, bad grammar, and generic greetings (see the previous section for details).
    • Verify sender information. Legitimate communication will come from email addresses with the domain name (eg: @booking.com) at the end. Don't trust unfamiliar email addresses or phone numbers.
    • Hover over links before clicking to see if the actual address matches the displayed text. Never enter personal information on websites reached through links in emails or messages.
    • Confirm a message's authenticity. If it claims to be from a hotel you booked with, call the property directly using a phone number found on their website (not the one in the message).
    • If possible, enable two-factor authentication on your account for an extra layer of security. This requires a code from your phone and your password when logging in, making it harder for scammers to breach.
    • Before booking, read reviews from trusted sources and check the property's website for contact information.
    • Be wary of unbelievable deals. If a price seems too good to be true, it probably is. Do your research to get a sense of average pricing for the location and type of accommodation.
    • Use a credit card, as it typically offers better fraud protection compared with debit cards. Consider using a credit card with travel insurance benefits.
    • Avoid sending money through wire transfers, as these transactions are often difficult to reverse if something goes wrong.

What can you do if you’ve been scammed?

If you believe you’ve been scammed, the first thing you should do is contact your bank. Report any fraudulent transactions associated with your compromised account. They may be able to block further charges and potentially recover stolen funds.

 

A woman reporting a fraud transaction to her bank

 

Next, update your Booking.com password and any other accounts that might have used the same login credentials. Consider using a password manager to create strong, unique passwords for each online service.

Then, inform Booking.com about the scam attempt. The platform can investigate the incident and potentially take action against the perpetrators. You can report the scam through Booking.com's Help Center or by contacting customer support.

You can also report to the authorities via Scamwatch or the Australian Cyber Security Centre (ACSC) portal.

In our busy lives where we check things on our phones and quickly dash off emails or replies, it’s easy to misread something and take a phishing expedition for a genuine request for payment from an authorised provider.

If you’ve been affected and aren’t getting the refund you believe you’re entitled to, get in touch and we’ll help you handle it.

 
Share

Related posts

By
By
By
By
Get the greatest and latest tips to save you cash
#handlemycomplaint
Copyright Handly My Complaint.

Thank you for visiting our website.