Booking.com has become one of the main travel e-commerce platforms for those looking for deals on hotels and holiday accommodation, as well as services such as car rentals and airline tickets. In fact, she is travel and tourism website with the highest traffic internationally, having processed more than one billion bookings in 2023, double the number recorded in 2016.
Apparently, the popularity of Booking.com has not escaped the attention of cybercriminals, who are always waiting for victims on online services with high traffic, report the experts of the global digital security company ESET.
Booking.com itself has acknowledged the magnitude of the problem and has seen an impressive “500 to 900% increase” in travel scams in the last 18 months. This increase is largely due to the use of tools like ChatGPT by cybercriminals since November 2022.
With the holiday season in full swing, let's take a look at some of the most common scams involving Booking.com and what to look out for, according to ESET experts, when using this platform
Phishing
Emails, text messages and social media messages are a staple in the scammer's arsenal. In this type of scams, fraudsters impersonate a trusted platform or organization to trick their victim into believing they are in contact with the website's official representative.
Obviously, Booking.com is not immune to these scams, fraudsters pretend to be representatives of the platform, hotel or other service that victims have booked through the website.
They often spin a plausible story and create a sense of urgency by trying to trick the victim into clicking a link to make a new payment in order to fix an alleged error or to avoid losing their booking, says Christian Ali Bravo of ESET team.
Figure 1. Scam attempt (Source: Reddit)
The availability of genetic artificial intelligence tools has paved the way for more convincing and effective scams. By creating phishing emails that are grammatically correct, with the correct content and without the red flags that could alert the recipient, cybercriminals can easily trick people and businesses into downloading malware onto their devices, revealing sensitive information or to transfer money.
Hacked chats
Some scammers may go a step further than sending random phishing emails. There have been several reports of cybercriminals finding a way to trick their victims through the messaging system of the platform itself.
After finding a way to get into the accounts of the hotels where vacationers made their reservations, they contacted a large number of people directly through in-app chat and prompted them to make a payment to confirm the reservation.
Fraudsters claim that there was a mistake in the previous payment, requiring a repeat payment in order not to lose the reservation. In other variations of this trick, scammers asked for credit card or passenger information to verify or confirm the reservation.
Although this did not occur as a result of a breach of Booking.com's systems or infrastructure, it is advisable to be wary of any communication that requests your personal data or payment information.
Non-existent… accommodations
Many holiday accommodations look like something straight out of a fairy tale. Over the years, many vacationers have fallen victim to fake listing scams. In this case, cybercriminals advertise a luxury house that can be rented at a low price and instruct their victims to pay, even through Booking.com. Upon arrival, you will find that the property does not exist or that the property is not for rent.
In fact, within a short time, Booking.com's control systems kick in – fake listings are discovered and removed. However, your vacation may already be ruined, so you better do your research before you book.
Look for reviews and ratings of the place, check if the price is roughly similar to "competing" houses or apartments, and reverse image search to see what's showing up - it's possible it's a free stock image or stolen from others websites. The bottom line is that if something seems too good to be true, it usually isn't.
Fictitious job offers
The text or message on social media is simple enough: “We need someone to review hotel reservations. We pay from $200 to $1.000. All you need to do is rate or like the hotel on (fake link on Booking.com)”. This is how the message that offers parallel employment, supposedly from Booking.com, begins. This is also a variation on popular work from home scams.
Figure 2. Fictitious job posting (source: Reddit)
Victims are asked to pay a down payment to secure the job and/or send their personal information, such as social security numbers or other information, which can be used to commit identity theft. In some cases, scammers may have their eyes on your cryptocurrencies or other information.
How to stay safe? Booking.com does not recruit people to review hotels and does not recruit people via text messages. Hiring is done through Booking Careers, and there are no jobs on the platform that require people to review hotels.
12 tips to avoid scams related to Booking.com and other travel scams
ESET's Christian Ali Bravo gives us 12 tips that will greatly help those who use Booking.com to stay safe:
- Whenever you contact someone representing Booking.com or a hotel you've booked, look out for the typical signs of a phishing email, such as imperative requests for supposedly immediate action.
- Always verify that emails are from the official body and be careful with spelling mistakes.
- If you receive a suspicious message, go directly to the website and log in to your account to verify it.
- Booking.com never asks for information such as your full credit card details, social security number or passwords via email or chat.
- Avoid clicking on links in spam emails or text messages.
- Make payments through the official Booking.com platform. Avoid transferring money directly to the hotel.
- Check reviews and ratings of the property on Booking.com and look for reviews that are authentic and detailed. Check and cross-check the details and images of the accommodation on other travel sites or platforms.
- Make sure your devices have up-to-date security software to protect against malware and phishing attempts.
- Keep your operating system and other software up to date to protect against security vulnerabilities.
- Protect your online accounts with strong and unique passwords or passphrases and two-factor authentication.
- If you experience any suspicious activity, please report the issue to Booking.com customer service.
- If you suspect your payment information has been compromised, notify your bank or credit card provider immediately.