NewsBite

Advertisement

Warning after ‘sophisticated’ Booking.com scams surge

By Katherine Scott

In the week before a family holiday in October, Sydney-based business consultant Sue Brown received an email purporting to be from the Shoreline Hotel in Hawaii, where she had made a reservation via Booking.com, asking her to verify payment details.

“It said my room booking was going to be cancelled. The link provided looked like the genuine Booking.com site I’d used many times before to make payments,” said Brown.

Sue Brown received a fake email purporting to be from the Shoreline Hotel Waikiki after she booked on Booking.com.

Sue Brown received a fake email purporting to be from the Shoreline Hotel Waikiki after she booked on Booking.com.

It was only after sharing her credit-card information that she began to suspect foul play; a subsequent phone call to her sister, who had similar bookings and had also been targeted with the same message request, confirmed her worst suspicions.

“I realised then I’d been scammed, and I felt like an idiot as it had never happened to me before,” she said.

Brown described the con as a “very sophisticated” operation. “Somehow the scammers must have gained access to the hotel’s email. I immediately froze my credit card and I contacted the hotel.”

Brown also notified Booking.com, who said their fraud team would be in touch. At the time of writing, she is yet to hear from the company.

Brown is one of several Booking.com users who have contacted Traveller since November with similar experiences of phishing messages via hacked host accounts on the Booking.com platform.

Scams targeting Booking.com customers increased nearly sevenfold last year, according to data from Australia’s consumer rights watchdog.

The Australian Competition and Consumer Commission’s (ACCC) Scamwatch program received 363 reports of scams mentioning Booking.com between January 2 and December 31, 2023, amounting to losses of more than $337,000.

Advertisement

This is an increase of more than 580 per cent on the previous year, with 53 reports made for the same period in 2022.

Loading

A Booking.com spokesperson said the platform hadn’t been breached, but several accommodation partners had been targeted by scammers who used phishing emails to try to take over the host’s computer system with malware.

This resulted in some hosts’ accounts being accessed by fraudsters, who impersonated them in order to trick future guests into sharing financial details.

Booking.com did not confirm the number of hosts targeted, but said accommodations impacted were “a small fraction of those on our platform”.

“We understand the importance of keeping the data we are entrusted with secure. That’s why we continue to make significant investments to limit the impact, and have put new measures and alerts in place to update and protect our customers, as well as our accommodation partners,” said the spokesperson.

“If a customer ever has any concerns about a payment message, we encourage them to first carefully check the payment policy details outlined on the property listing page and in their booking confirmation.”

Customers can report any suspicious messages via Booking.com’s customer service team, or by clicking on ‘report an issue’, which is included in the chat function. As a rule, no legitimate transaction will ever require a customer to share sensitive information like credit card details via email, chat messages, text messages (including Whatsapp) or on the phone.

In light of the sharp increase in scam reports, the ACCC has warned Booking.com users to take steps to avoid being scammed.

This includes independently verifying any email containing a link and/or attachments that ask you to sign in or to enter personal or financial information; contacting the hotel/accommodation provider on a phone number that you have located yourself (never through one provided in an email or text); and using the Booking.com app to securely access your account and verify messages, as well as implementing two-factor authentication for an added layer of security.

The watchdog also warned that Booking.com customer service representatives will never ask you to provide your account password or financial information such as a credit card over the phone.

Sign up for the Traveller newsletter

The latest travel news, tips and inspiration delivered to your inbox. Sign up now.

Most viewed on Traveller

Loading

Original URL: https://www.smh.com.au/link/follow-20170101-p5f1mf