Booking.com is one of the most popular online travel agencies worldwide…but it has its share of online hotel booking scams.

It’s available in 43 languages, with over 28 million reported accommodation listings across 227 countries and more than 1.5 million room nights reserved daily.

The platform’s extensive reach and user-friendly interface make it a preferred choice for travellers seeking accommodations globally.

However, its popularity also attracts the attention of scammers looking to exploit unsuspecting travellers and hotel businesses.

Sometimes, it can be better to book direct with the hotel or guesthouse – we’re happy to take direct bookings as well at Glencoe B&B.

Whether you are a traveller, a landlord, or a hotel owner, understanding the tactics used by these scammers of these online hotel booking scams is the first step in protecting yourself or your business.

How Scammers of Online Hotel Booking Scams Hack Booking.com Accounts

Scammers and hackers have increasingly targeted businesses that use Booking.com by employing sophisticated phishing tactics. The process typically unfolds as follows:

  1.     Phishing Emails: Hackers send phishing emails to hotel staff, often disguised as official communications from Booking.com. These emails contain malicious links that, once clicked, download malware onto the hotel’s computer systems.
  2.     Malware Installation: The malware infiltrates the hotel’s network, searching for data related to Booking.com reservations. This can include sensitive customer information such as names, email addresses, and booking details.
  3.     Direct Contact with Customers: Using the stolen information, hackers contact the hotel’s customers directly, pretending to be the hotel or Booking.com representatives. They often claim that there is an issue with the booking or payment, prompting the customer to provide payment information or make a new payment, which goes straight to the scammers.

These types of online hotel booking scams are particularly effective because they exploit the trust customers place in reputable platforms and the legitimate appearance of the communications they receive.

6 Common Booking.com scams you should know and avoid

  1. Fake accommodation listing

Scammers create fake property listings to lure customers, often offering significantly lower prices to attract bookings.

Example: An apartment is listed on Booking.com with minimal photos and no reviews. The listing claims to be “pay on arrival with free cancellation” but also states, “Booking.com takes your payment on behalf of the property.” If you contact the supposed landlord, they will claim they have no bank account on file with Booking.com and ask for a bank transfer to a personal account. If you pay, your money will go into the scammers’ pockets.

  1. Payment scam

Payment scams often involve scammers convincing travellers to make payments through unofficial channels. The perpetrators typically contact guests via the platform’s messages or email, asking victims to complete payments using an alternative method or website. They often cite reasons like their bank account being connected to a different website.

  1. Overpayment Scams (targeting booking.com partners): Scammers pose as guests and overpay for a booking using stolen credit cards. They then request a refund of the overpaid amount through a different method, such as a wire transfer, which, once completed, leaves the hotel at a loss when the fraudulent payment is reversed.
  2. Phishing Emails and Fake Booking.com Webpages

Online hotel booking scams – in the form of phishing scams – often use fake Booking.com webpages that look legitimate by pre-populating the victim’s personal details, such as full name, hotel information, and stay duration. This tactic enhances the credibility of the scam. On these phishing pages, victims are prompted to re-enter their credit card or bank details, which attackers then collect and use for fraudulent activities.

  1. Fake Confirmation Emails

When they manage to enter a hotel’s system, scammers send messages to customers asking for bank card details and threatening reservation cancellation. These scam emails, originating from within Booking.com’s system, instruct recipients to confirm hotel payment through an embedded link. The emails claim the reservation will be cancelled unless the details are provided within a specified time frame, typically twelve hours. These notifications also appear in Booking.com’s mobile app, adding to the scam’s credibility.

  1. Booking.com tech support scam

This scam consists of emails alerting users to suspicious activity in their Booking.com accounts. These emails claim there has been unauthorised access and prompt users to click a link for assistance. The link directs them to a fraudulent site where they are asked to provide personal information or download software. This data is then used for identity theft or further malicious activities.

How to Spot a Booking.com Scam

To protect yourself from Booking.com scams, watch out for these warning signs:

  1.     Suspicious Emails: Be cautious of unexpected emails requesting immediate action or payment, especially those not addressing you by your name. Check for unusual sender addresses or links.
  2.     Payment Requests: Be wary of any request for payment through unconventional methods, such as wire transfers or direct bank deposits, especially if the request comes via email or phone. Booking.com never asks users to make payments outside their platform.
  3.     Too Good to Be True Deals: Listings with prices significantly lower than the average for the area should raise a red flag. Verify such listings by checking reviews and contacting the property directly.
  4.     Urgent Language: Phishing emails and messages typically convey a sense of urgency, making you feel the need to act immediately. They might ask for your credit card details, claiming it’s for a “verification test” or insist on a payment, with the threat of cancelling your booking if you don’t comply.

For more of our blogs, click here.