With summer officially here, many of us are now planning to escape on our hols, whether that’s enjoying a ‘staycation’ here in the UK or jetting off abroad. Regardless of where you’re going, it’s important that you make sure you’re booking with actual holiday providers, and not giving your hard-earned cash away to scammers. 

Unfortunately, scammers are constantly finding new ways to deceive travellers, and Booking.com, one of the world’s most popular travel booking platforms, is not immune to these threats.  

So, how you can protect yourself from fraudsters and ensure your holiday remains stress-free and enjoyable? 

What is the Booking.com scam? 

If you haven’t heard of the Booking.com scam before, here’s a quick outline of the scam and how it works. Scammers are pretending to be hotel representatives and sending fake messages through Booking.com's secure messaging system. They ask for extra payments to secure your reservation, tricking people into losing money. 

But how do they do this? Well, the hackers pretend to be former guests who left their passports or other items in their rooms, sending an email with a Google Drive link that supposedly contains an image of the passport. However, when hotel staff click on the link, it downloads malware onto their computers. 

This malware then searches the hotel’s computers for Booking.com access. Once the hackers gain access to the Booking.com portal, they can see all current room and holiday reservations. They then message customers through the official app, tricking them into paying the hackers instead of the hotel. 

Signs of a scam 

Now you’re aware of the scam, how exactly can you spot it, especially if it looks so real? Here are some key signs that a communication from Booking.com might be fraudulent: 

Unexpected payment requests 

If you receive a message asking for additional payment to secure your reservation, be wary. Legitimate hotels usually handle all payments through the Booking.com platform, and any requests for direct payments should sound some alarm bells. 

Urgency and threats 

Scammers will often use scare tactics to pressure you into making a quick decision. Of course, real businesses don’t do this, so messages that threaten a sudden cancellation if you do not pay immediately are a common sign of a scam. 

Suspicious links 

This is an obvious one as nowadays, most people are aware that you need to be cautious when suspicious links arrive in your inbox, but a reminder never hurt! Scammers often use phishing links to trick you into entering your payment details on a fake website, so always be careful and avoid clicking links. 

Poor grammar and spelling 

Many scam messages contain noticeable errors in spelling and grammar. While not a definitive sign, it can be an indicator that the message is not from a legitimate source. Unfortunately, AI (Artificial Intelligence) programmes like ChatGPT are making it easier for scammers to write convincing messages so don’t just assume because it doesn’t have errors that it’s real either. 

Unusual contact methods 

If the message asks you to communicate or pay through unconventional methods outside of Booking.com’s secure system, it's almost one hundred percent a scam. 

Preventive measures 

So, now you understand the scam and know what signs to look for, the next question on the tip of your tongue is undoubtably “how can I prevent it happening to me?”. Taking proactive steps to protect yourself can help you avoid falling victim to these scams, so here are some practical tips to keep in mind: 

Verify booking details 

Make sure that you always confirm your booking details directly through the Booking.com website or app. It’s best to avoid relying on information provided in emails or messages that seem suspicious. 

Use official channels 

Always communicate with hotels and booking agents through the official Booking.com messaging system. Never use any of the alternative contact methods suggested in unsolicited messages, booking agents would never ask for this so it’s a key sign of a scam. 

Check for HTTPS 

When visiting any website linked in a message, ensure the URL begins with "https://" which indicates a secure connection. Be wary of websites that do not have this security feature, it’s a sign that it’s not secure and that data you enter may be stolen. 

Update your software 

We know it’s easier to just keep tapping those ‘update later’ buttons, but it’s really important that you keep your antivirus and anti-malware software up to date. This is one of the best ways to protect against malicious attacks that can put your email and personal information at risk. 

What to do if you suspect a scam 

Despite your best efforts, you might still encounter a suspicious message or even fall victim to a scam. Here’s what you should do if that happens: 

Report the scam 

Immediately report any suspicious messages to Booking.com as well as Action Fraud. They can then investigate the issue, confirm whether it’s a scam, and take action to prevent other users from being targeted. 

Contact your bank 

If you have made a payment through a fraudulent link, contact your bank or credit card company right away. They can help you to secure your accounts and possibly even recover your money, although this is not a guarantee.  

Change your passwords 

If you suspect your Booking.com account has been compromised, change your passwords immediately and log out of all sessions. Use a strong, unique password for each of your online accounts, we’re talking capitals, special characters, and numbers. Try to avoid anything too obvious, for example, your pet’s or children’s names as you’ll likely have this all over your social media and it can be easy to guess. The National Cyber Security Centre recommends using three random words as your password, just don’t forget to also put in capital letters, symbols, and numbers. 

Monitor your accounts 

Make sure you keep an eye on your bank and credit card statements for any unusual activity or anything that you don’t recognise. Report any unauthorised transactions to your bank as soon as possible, the faster you report it, the more likely they’ll be able to help. 

Final thoughts 

Booking a holiday should be exciting and stress-free, and with these tips, it can be! Just remember to stay vigilant and if something seems suspicious, it probably is. Happy travels! 

Need some extra help with your organisation’s cyber security? Contact us today to find out how we can help.