Affordable vacations are becoming more and more popular – and increasingly difficult to find. It’s all the better when we get a real bargain or have finally found the accommodation that promises us a relaxing and wonderful holiday. It’s just stupid when exactly this booking is then used by criminals to take money out of our pockets with a lousy scam. This is exactly what has been happening for months with bookings via the “Booking.com” platform.
Since January of this year, the consumer advice center has been specifically warning of a scam in which the platform’s customers receive an email from the supposed accommodation shortly after booking. The first case of this kind came to light in May 2023. The email even contains a link that leads to a booking page that looks very similar to the original. The fraudsters also send a WhatsApp with your real name and hotel name. So you actually use confidential booking data – from the exact booking period to the booking number – to get the customers’ bank details.
And the scam is extremely successful. According to consumer advice centers, more and more people are reporting similar incidents with sometimes horrendous loss of money. The problem: The news appears serious because the rip-offs have data that they shouldn’t actually have. According to experts, the reason for this is a security leak in the booking portal. However, Booking.com vehemently denies any such gap in data protection.
The portal has a different explanation for the scam. Accordingly, accommodation partners fell victim to phishing emails, which in turn gave the fraudsters access to the data through a computer virus. “Even if the number of accommodations affected only makes up a fraction of the accommodations on our platform, we are aware of the seriousness of the situation for those affected,” the company wrote when asked by Stern.
We are working hard to support our partners in securing their systems as quickly as possible – as well as to provide all potentially affected customers with appropriate assistance, including support in reimbursing costs. So the leak has not yet been found, the (digital) doors for further scam emails are still open. For customers of Booking.com and other online booking platforms, the following applies: book carefully – and read emails correctly.
But how do I recognize a potential case of fraud in good time? No matter how convincing the emails and messages may be at first glance, there are always small details that expose fraudsters. For example, it is worth taking a look at the imprint of the linked homepage in the email. If the site does not belong to Booking.com or the accommodation booked, caution is advised.
In addition, when making online purchases, you should always be careful about disclosing sensitive data, especially credit card numbers and other account details. Booking.com usually does not require customers to provide relevant data via WhatsApp or email, but rather asks for this when booking. If in doubt, it is also worth calling the provider and checking to see whether the email came from them. “If an accommodation appears to require payments that are not listed in the booking confirmation, we ask customers to contact our customer service directly, which is available 24 hours a day,” reads the statement from Booking.com, which was provided to Stern is present. Customers could also report suspicious messages by clicking “Report a Problem” – this option is included, among other things, in the chat function of our platform.
And what if it’s already too late? Then you have to change passwords, block your credit card and adjust access to online banking as quickly as possible. In the next few days you should also keep a close eye on your account transactions in case the fraudsters have managed to access them. And of course you should report the fraud in order to ideally protect other holiday bookers from a rude awakening.
Source: Booking.com, consumer advice center, Federal Office for Security and Information Technology