IT Security Alert - Booking.com holiday booking scam

ITDS have received reports that some Booking.com customers have been targeted by a hotel booking scam where scammers hijack hotels’ Booking.com accounts and use them to trick guests into sharing their payment card information.

Scammers will send emails or in-app messages to customers, pretending to be hotel owners requesting confirmation of payment details for upcoming stays. These emails and messages appear as legitimate Bookings.com communications. The victims are then directed to malicious URLs for inputting the information, which is then used to withdraw money from their accounts.

What do I need to do?

Bookings.com customers should be wary of emails or app messages requesting payment details, as they may not be legitimate. Be suspicious of such messages even if they appear to come through legitimate channels.

If you do receive any communications, it is best to contact Bookings.com directly via their Help Center page instead of replying to the received email or app message.

If you believe you have fallen victim to this malicious activity you should:

  • Update your Booking.com password as well as any other website or service that uses the same password
  • Contact your financial institution and have a block placed on the account/card used for the transaction

You should also:

  • Implement multi-factor authentication on all your accounts
  • Double-check URLs before opening them

Further support

For more information, please log a ticket via the MyIT Portal

Tagged in booking.com holiday scam