As temperatures heat up and many of us start planning summer holidays, there are fears about a booking scam that could leave you thousands of pounds out of pocket.
It could be as simple as a message or email from the hotel you have just reserved a stay with, asking for a payment to secure a your holiday.
And because it comes through Booking.com and looks legitimate, you rush to pay or hand over credit card details.
They are not going to the hotel, however, but to scammers who have taken over a hotel’s Booking.com account.
This type of fraud can be costly. Between June 2023 and September 2024, Action Fraud received 532 reports of scams of this sort, with a total of £370,000 lost.
Sign up for all of the latest stories
Start your day informed with Metro’s News Updates newsletter or get Breaking News alerts the moment it happens.
They believe fraudsters are using phishing attacks against accommodation providers to take over their Booking.com accounts.
They then send unexpected in-app messages, emails, and WhatsApp messages to customers.
This means the usual warning signs of a scam, such as odd text messages or emails, do not apply.
Action Fraud do not believe these take-overs are linked to Booking.com’s backend system or infrastructure.
How to protect yourself from Booking.com scams
The most important thing is to check that any communication you receive is genuine.
If you receive any urgent payment requests, you should immediately reach out to the Booking.com Customer Service team to confirm.
Be aware that no genuine Booking.com transaction will ever require a customer to provide their credit card details by phone, email, or text message (including WhatsApp).
Although Fraud Action says a hotel provider may reach out to request payment information, like credit card details.
But you should always verify the authenticity of the message before providing any information.
You should also treat any links you are sent with suspicion.
Authentic payments won’t take place on a site other than Booking.com or their app.
Booking.com also advises: ‘Always double-check the property’s payment policies listed on the booking page or in your confirmation email. If there is no pre-payment policy or deposit requirement outlined, but you’re asked to pay in advance to secure your booking, it is likely a scam.’
There are other giveaways of fraud you can still look out for.
These include grammar and spelling mistakes, as well as urgency.
If you realise too late that you have typed financial details into a site, get in touch with your bank in case they need to block or cancel your card.
The fraudsters send messages that are designed to make you panic.
They tell you there has been a problem with your credit card, of your banking details need to be verified, adding that without a response your reservation will be cancelled.
There might be a link in the message for you to provide your banking details.
Holidaymakers should also be aware of another scam that employs fake Booking.com web pages.
People are then tricked into downloading a malicious file that gives criminals full control of your device.
According to technology firm HP Wolf Security, links to these web pages come in email.
When customers access the site and press ‘accept’ to cookie before they can view the webpage, thjat triggers the file to download.
Booking.com said: ‘Unfortunately, there is an increasing number of online scams targeting many businesses operating in the e-commerce space. With the rise of AI, cybercriminals are able to create increasingly sophisticated scams.’
They added that Booking.com continue to invest in cybersecurity, and stressed incidents on the platform were rare.
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.