From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation
Booking.com has become one of the main go-to platforms for travelers looking for holiday accommodation deals, but also for services like car rentals and airline tickets. In fact, it is the most visited travel and tourism website worldwide, having processed more than a billion bookings in 2023, double the number recorded in 2016.
Obviously its popularity hasn’t escaped the attention of cybercriminals, who invariably flock to online services with high traffic. Vacation booking websites are highly lucrative hunting ground for victims.
Booking.com itself has acknowledgement the magnitude of the problem and said that it has seen a staggering “500 to 900% increase” in travel scams in the past 18 months – and that this increase is largely driven by cybercriminals’ misuse of tools such as ChatGPT since November 2022.
With vacation season in full swing, let’s review some of the most common scams exploiting Booking.com and what to look out for when using this platform.
Phishing emails, texts and social media messages are a staple in fraudsters’ arsenals. In these scams, they impersonate a reputable platform or organization to trick the victim into believing they are in contact with the site’s official representative.
Obviously Booking.com isn’t immune to these scams, and fraudsters continue to churn out campaigns where they pose as the platform or representatives of the hotel or another service that the targets have booked via the site.
They often come up with a plausible story where they drum up a sense of urgency and seek to dupe the victim into clicking on a link where they need to make a new payment in order to fix a purported error or face the prospect of losing their reservation.
The easy availability of generative AI tools has opened the floodgates to waves of more convincing and effective scams. By generating phishing emails that are grammatically correct, contextually appropriate, and free of typical red flags that might alert the recipient, they can easily trick people and businesses into downloading info-stealing malware on their devices or into divulging sensitive information or transferring money.
Some scammers may go a little further than sending out random phishing messages. There have been a number of reports of attackers finding a way to dupe their victims via the platform’s messaging system.
After finding their way into the accounts of the hotels where holiday-makers made their reservations, they have contacted large numbers of people directly via the in-app chat and urged them to make a payment to confirm the booking.
The ruse involved an alleged error with the previous payment, requiring them to pay again and avoid missing out on their holiday. In other variations of this ploy, the fraudsters requested credit card or passenger data to verify or confirm the booking.
While this didn’t occur as a result of a breach of the platform’s backend systems or infrastructure, you’re well advised to look out for any communications that request your personal or payment data.
Many holiday properties appear to be straight out of a fairy tale. Indeed, some of them are, quite literally, unreal. Over the years, many holiday-makers have fallen victim to fake listing scams where cybercriminals advertise a luxury holiday home that can be rented at an irresistible price and instruct people to pay, even via Booking.com. Upon arriving, you’ll find that the accommodation doesn’t exist or the property is not for rent.
In fact, soon enough, the platform’s own systems kick in – the fake listings are discovered and removed. However, your vacation may be ruined by then, so you’re better off doing your diligence before booking.
Look for reviews and ratings for the place, check if the price is roughly similar to those for “competing” houses or apartments, and reverse-search the image to see what comes up – it is likely a free stock image or it was stolen from other websites. The bottom line is, if something looks too good to be true, it usually is.
The text or social media message is straightforward enough: “We need someone to evaluate hotel bookings. We pay between $200 and $1,000. All you need to do is rate or like the hotel on (a fake Booking.com link).” This is how the message offering an irresistible side hustle, supposedly from Booking.com, begins. It’s also a variation on popular work-from-home scams.
You’re then asked to pay an advance fee to secure their jobs and/or to send their personal information like Social Security numbers or other details, which can be used to commit identity theft. In some cases, the scammers may be after your bitcoin or other crypto.
How to stay safe? Booking.com doesn’t hire people to review hotels, and they don’t hire people via unsolicited text messages. Hiring as such takes place through Booking Careers, and there is no job vacancy on the platform requiring people to review hotels.
These tips will go a long way towards helping you stay safe while using Booking.com.:
Bon voyage!