Booking.com Scams

The integrity of online travel bookings is paramount, and recent revelations regarding widespread scams on Booking.com raise serious concerns for both consumers and the broader travel industry. A Which? investigation has uncovered a disturbing pattern of sophisticated phishing attacks, primarily exploiting compromised hotel and host accounts to defraud unsuspecting travelers.

These scams typically involve criminals gaining unauthorized access to legitimate property accounts on Booking.com’s platform. They then use the official messaging system to send guests fake payment requests, often citing issues with their credit cards or imminent cancellation if payment isn’t made immediately via external links or QR codes. This method is particularly insidious because the messages appear to come from the booked property within Booking.com’s trusted environment, making them incredibly difficult for consumers to identify as fraudulent.

The consequences for travelers are dire, ranging from significant financial losses—often hundreds or even thousands of pounds—to ruined holiday plans and immense stress. While Booking.com acknowledges these "sophisticated phishing techniques" and states its investment in security, the experiences of affected customers paint a different picture. Many report frustrating encounters with customer service, difficulty in securing timely refunds, and a perceived lack of accountability from the platform. This erosion of consumer trust impacts not just Booking.com, but the reliability of the entire online travel booking ecosystem.

For travel professionals, this crisis underscores the critical need for robust digital security measures across all booking platforms and a more proactive approach to consumer protection. Our industry thrives on trust, and when a major online travel agency (OTA) allows such vulnerabilities, it impacts everyone. While Booking.com advises users to remain vigilant, use two-factor authentication, and avoid clicking suspicious links, the core issue lies in the compromise of its internal system. It’s imperative that platforms like Booking.com take stronger, more transparent steps to secure partner accounts, swiftly resolve scam incidents, and provide clearer pathways for victim restitution. Protecting our guests from these predatory scams must be a collective priority to maintain the reputation and reliability of online travel.

Key Points

• Primary Scam Method: Phishing attacks exploiting compromised hotel/host accounts on Booking.com.
• Delivery Channel: Booking.com’s official messaging system is used by scammers.
• Scam Tactic: Fake payment requests (e.g., credit card issues, imminent cancellation) direct users to external links or QR codes for payment.
• Impact on Consumers: Financial losses (hundreds to thousands of pounds, e.g., £1,300, £800), ruined trips, and significant stress.
• Booking.com’s Stance: Acknowledges "sophisticated phishing techniques," claims investment in security, advises reporting scams, and educating partners.
• Customer Experience: Reports indicate poor customer service, difficulty obtaining refunds, and slow resolution from Booking.com.
• Which? Conclusion: Booking.com’s platform is actively being exploited, and its response to the scam crisis is deemed insufficient.
• User Advice: Travelers are advised to be wary of external payment requests, utilize two-factor authentication, contact properties directly to verify suspicious messages, and avoid clicking suspicious links.

Read the Complete Article.