Scam - again..

[KariannNor]

I just received a phone call from my bank that my debit card had been used by a foreign, possibly fraudulent website. They opened a case, but could not say which website it concerned, she explained to me that they can encrypt information so it is not visible. They are constantly investigating companies.
It must be either Booking.com or Omio train. Only heard of B.com previously, where there are only cases where "they" contact via email and ask for new verification. I have not done this, so for my part it could also be train tickets, or, via the B.com site itself. Fortunately, I have booked flights from a Norwegian company. So happy with this service from the bank, the card was closed immediately when they discovered it and I get a new one in the mail.

 

[Camino Chrissy]

I have just posted this a couple of days ago on another thread, but thought this new thread would be a good place to repeat it unless a moderator prefers to join the two threads together...

I had made over half of my lodgings for my upcoming Sanabres Camino in the spring through booking.com last December. Since I have been aware now of the Scams on their website, I have been watching closely. I had noticed recently that one of my bookings showed canceled in an email I received, but I had no memory of doing that, so was confused, but re-booked the room as it still showed rooms available.
Yesterday, I decided to message the property through the booking.com website and they replied that I have two bookings; that they never canceled the original one, and that I should cancel one of them, which I have now done.
Everything looked legitimate on the fake cancelation and no new credit card information was requested, which I find odd since it was a scam.
Anyhow, it looks like everything is now in order and ok...hopefully so.

 

[Rick of Rick and Peg]

Sometimes the scamming email has nothing in it to trick you other than getting you worried or helpful so you call the phone number they give you. Then the scamming really begins.

 

[David]

Banks "phoning you" - is a scam, banks don't do that. The trick is they say to prove they are really your bank to put the phone down and phone your bank direct. A different person answers - but!! they do this on a landline and don't actually put their phone down so when you phone in you just go back to them - so NEVER do that.
Just log in to your bank and see if there is a warning there for you.

 

[Paul-CH]

Banks "phoning you" - is a scam, banks don't do that. The trick is they say to prove they are really your bank to put the phone down and phone your bank direct. A different person answers - but!! they do this on a landline and don't actually put their phone down so when you phone in you just go back to them - so NEVER do that.
Just log in to your bank and see if there is a warning there for you.

I don't know about your bank, but the one I worked (a while ago) at did call me on my mobile, when I was sitting on my working place and did ask me if I just now did buy something in Sweden. As there have been two suspicious actions with my card. As I denied they canceled all actions to Sweden and I didn't loos any money. That's why they do ask about the mobile number in order to contact you immediately.

 

[David]

I don't know about your bank, but the one I worked (a while ago) at did call me on my mobile, when I was sitting on my working place and did ask me if I just now did buy something in Sweden. As there have been two suspicious actions with my card. As I denied they canceled all actions to Sweden and I didn't loos any money. That's why they do ask about the mobile number in order to contact you immediately.

With my last bank, Barclays, and my current bank, Nationwide, they don't do that. They send a text which starts with a piece of information only they could know and ask you to phone the fraud office. No direct phone calls from either as they also know about the phone scams.

 

[Paul-CH]

Credit-Suisse did it, I will find out if UBS does it as well, when they have overtaken all old customers in their systems.

 

[KariannNor]

Banks "phoning you" - is a scam, banks don't do that. The trick is they say to prove they are really your bank to put the phone down and phone your bank direct. A different person answers - but!! they do this on a landline and don't actually put their phone down so when you phone in you just go back to them - so NEVER do that.
Just log in to your bank and see if there is a warning there for you.

I was not quite correct. The bank first sent me an SMS with an 8-digit code. They asked me to provide this and the telephone number for customer service. I went into the bank and saw that my card was blocked before I called. They had done it a few minutes before. I have no reason to believe that I have been defrauded by the bank.

 

[Rick of Rick and Peg]

To give you a little more detail about @David's post above:

On landline phones when you hang up the phone you may actually still be connected to the party on the other end for a period of time. So if you pick up the phone again you could continue to converse with them. The scam works when you pick up the handset and dial the real bank. The scammers remain silent during this. After the dial tones complete a second person on that scammer's still connected call pretends to answer the call as your bank and steer you into giving them something of yours that they want.

One way of telling that this can be a scam is having a real person answering the call instead of a robot.

What to do? Call on a different line or on a mobile. Or go get your beverage of choice and wait serval minutes for the first call to really disconnect before calling.

 

[ShoshTrvls]

Banks "phoning you" - is a scam, banks don't do that. The trick is they say to prove they are really your bank to put the phone down and phone your bank direct. A different person answers - but!! they do this on a landline and don't actually put their phone down so when you phone in you just go back to them - so NEVER do that.
Just log in to your bank and see if there is a warning there for you.

My bank has definitely called me (and texted me) when they believe someone is trying to place a fradulent charge on my account. They don't ask for private information, just something along the lines of, "an internet charge is being made on your card for Joes' Scam Shop in Mongolia. Is this charge familiar to you?"

 

[KariannNor]

I have now called the bank's 24-hour service directly, the number given in my online bank after logging in with BankID. They confirmed via the case number that it is real.

 

[Camino Chrissy]

Sometimes the scamming email has nothing in it to trick you other than getting you worried or helpful so you call the phone number they give you. Then the scamming really begins.

Not sure my email had a phone number, but I'd never call as all my reservations are in Spain and I do not speak Spanish. When needed, I always send a message through booking.com, and translate their replies. It has worked very well.

 

[DenWhite]

I'm not into giving multi-nationals a plug but the Booking.com mobile app is great for keeping track of all bookings and any further follow up notifications.

 

[Anniesantiago]

I'm not into giving multi-nationals a plug but the Booking.com mobile app is great for keeping track of all bookings and any further follow up notifications.

This is actually true. I cannot see messages on my macbook air on booking but everything shows up fine on the iphone app. I hate that, bc I rarely use my phone, but that's just the way it is I guess. I better get with the program, it seems.

 

[MassNative]

I don't know about your bank, but the one I worked (a while ago) at did call me on my mobile, when I was sitting on my working place and did ask me if I just now did buy something in Sweden. As there have been two suspicious actions with my card. As I denied they canceled all actions to Sweden and I didn't loos any money. That's why they do ask about the mobile number in order to contact you immediately.

My Credit Union sends me an automated phone call alerting me about suspicious activity, but never prompt for personal information on the call. I am always told to call their fraud prevention number, and they tell me to look on the website for the toll free number.

Best practice is to never provide information on a call or email to you. Hang up or exit email, the browse or call to a known number to verify the bank/card.

 

[Camino Chrissy]

I'm not into giving multi-nationals a plug but the Booking.com mobile app is great for keeping track of all bookings and any further follow up notifications.

Exactly my reason for using that App on my phone exclusively overseas for 90% of my reservations. When I had to cancel my Camino in 2020 due to Covid, I'm sure I had 20+ reservations to deal with. Having them all lined up in order made the cancellations go really fast, but would have been a nightmare if I had a majority of reservations made direct through Spanish websites. It's worth it to me to pay a few $ more for the convenience. For US travel, we use Hotels.com or occasionally book BnB type properties online if they are not listed on the Hotels App.

BTW, that year in 2020 I was planning for 4 family members to join me. No way was I going to wing it on any lodging with so many of us going and all but one were newbies.

 

[Nelle]

Be careful with texts as well — while on the Camino last October I received a number of texts purporting to be from my bank and from my credit card companies alerting to “fraudulent” purchases that had shut down my card. In each instance I called my bank/credit card company back in the US (using the phone number on the back of the relevant card) and was informed that that the texts were fraudulent and my account was fine and no such charges had appeared. In each instance, the texts arrived a few days after using the card to withdraw money from an ATM at reputable Spanish banks. I’m not blaming the Spanish banks here — it’s just that the crooks have become incredibly sophisticated. I found that placing a long-distance call to your bank or checking online (if you trust the incryption) really helpful.

 

[Pilgrim9]

Just log in to your bank and see if there is a warning there for you.

Or visit a "bricks-and-mortor" branch of the bank, with your identification, and inquire in person.

 

[AnaRosario]

I just received a phone call from my bank that my debit card had been used by a foreign, possibly fraudulent website. They opened a case, but could not say which website it concerned, she explained to me that they can encrypt information so it is not visible. They are constantly investigating companies.
It must be either Booking.com or Omio train. Only heard of B.com previously, where there are only cases where "they" contact via email and ask for new verification. I have not done this, so for my part it could also be train tickets, or, via the B.com site itself. Fortunately, I have booked flights from a Norwegian company. So happy with this service from the bank, the card was closed immediately when they discovered it and I get a new one in the mail.

I don’t know what to do either because I had to get new cards twice while I was over in Spain because of this very situation and I use booking.com & omio as well. He was something I was thinking that may be, and perhaps Ivar could help in regards to setting up some sort of transactional disbursement with him where we would deposit a dollar amount with him and he could do the booking for us. In a secure account

 

[grayland]

Both of these threads involve Booking.
If I understand right they (scammers) have knowledge of a booking that has been made.
The information of the reservation indicates that the scam is getting info from Booking data base or insiders at some level at Booking.

Has anyone who has received a false email talked with Booking to see how widespread this scam is?

I may be confused as to how this has gone down.

 

[dougfitz]

Banks "phoning you" - is a scam, banks don't do that.

I think that one should check with their bank what its policy is about telephone contact. One of the financial institutions I use does, and has done so for many years. But they also have a range of measures about the nature and extent of any such contact. Most recently, they have added some additional measure to their smartphone app that allows its clients to check on the authenticity of any telephone contact they make.

 

[KariannNor]

If I understand right they (scammers) have knowledge of a booking that has been made.
The information of the reservation indicates that the scam is getting info from Booking data base or insiders at some level at Booking.

Has anyone who has received a false email talked with Booking to see how widespread this scam is?

I have read a lot about this today in various media (European) and from Booking.com itself. After all, they themselves have warned that fraud is taking place, so that you should not respond to inquiries from them. It is obvious that the "newest" scam takes place on the page and the app itself, so not just those who have received emails as in the last two weeks. I have therefore called the bank again this evening. I asked if it is wise now not to use this site at all now. The answer I got said "without saying" that hopefully there will be a solution/reveal eventually, and of course pointed out that it is not Booking.com that is the "culprit", but that this will take some time (implied: do not use the site right now).
When I have thought about this, it seems obvious that this very site is a "golden target". When I shop online, I NEVER provide card information, I always ask for an invoice to be sent by mail, which I can pay after receiving the product. But, when making a reservation on this, the seller needs a guarantee that the service will be charged to the right person, which is why I have been (so stupid) and provided card/personal information. This makes you an easy target.
So, for my part, I think, it's such an incredibly brilliant site to book in, such a clear and straightforward app, so - when the time comes that I'm in Spain, I can use it a day or two before (as I did last), and pay immediately. So write down the amounts, and follow up - if it is withdrawn several times from the same place, contact the bank and block the card. But, I'm not touching that site until the bank confirms it's safe again.
You ask how widespread, use google and see how many apply where you are.

 

[dougfitz]

Both of these threads involve Booking.
If I understand right they (scammers) have knowledge of a booking that has been made.
The information of the reservation indicates that the scam is getting info from Booking data base or insiders at some level at Booking.

Has anyone who has received a false email talked with Booking to see how widespread this scam is?

I may be confused as to how this has gone down.

I have puzzled over this. I wouldn't discount that these scams originate from individual properties rather that from Booking.com. If someone has detected a vulnerability in the Booking.com IT system, I would expect that the company would be able to address this quite quickly. In contrast, there must be thousands of hotels etc running a wide variety of booking systems, and identifying where the vulnerabilities are for many smaller concerns would be a challenging task, and much more difficult to rectify, even if Booking.com were to assist these places in that.

 

[ShoshTrvls]

For most bookings you can reserve with PayPal or GooglePay. One benefit to doing so is that, as I understand it, booking.com doesn’t get or store your card info - only PayPal or GooglePay have that info.

 

[dougfitz]

I have read a lot about this today in various media (European) and from Booking.com itself. After all, they themselves have warned that fraud is taking place, so that you should not respond to inquiries from them.

This doesn't make sense. There will be a time when one has to respond to enquiries, but the key is working out whether they are legitimate. At the risk of boring people, this is what the Booking.com website says:

Incorrect charges​

Reach out to your host or Customer Service through our messaging system. Remember, Booking.com should only be contacted through our official communication channels listed on our site and apps. No legitimate transaction (e.g. payments, reservation changes) with Booking.com will ever require you to pay with gift cards or to share your credit card details by phone, text message, or email.

If one is ignoring this, and responding with credit card details on anything but a properly secured web page or app, I would say that they are not just at risk of being scammed, they have started the process that will allow unauthorized access to their bank account.

 

[CWBuff]

Sometimes the scamming email has nothing in it to trick you other than getting you worried or helpful so you call the phone number they give you. Then the scamming really begins.

Not entirely true. We in the IT business are constantly being "groomed" to be on a lookout for anything (basically in that case - it is a company email but of course the same with some common sense applies to our personals emails as well)
Anyways - the trick here is to get you to click on something. an imbedded button, a link or perhaps even simply "reply". You did - BOOM! a virus has been inserted and now... bob's your uncle and your data is bad folks' domain!

As I said before - start by hovering the mouse over the sender's email - see if that looks legit and pay close attention to all digits 1 is not I, 5 is not S and 0 is not O (and vice versa) - that's just the tip of the 1C3B3RG

 

[KariannNor]

If one is ignoring this, and responding with credit card details on anything but a properly secured web page or app, I would say that they are not just at risk of being scammed, they have started the process that will allow unauthorized access to their bank account.

I very much see your point! But, its the only way of making a reservation. In a - what we think is a - properly secured web page.

 

[Rick of Rick and Peg]

that's just the tip of the 1C3B3RG

I'm too lazy to check. Is the C in 1C3B3RG the Latin C or the Cyrillic S (С)? Don't answer, it's a rhetorical question and I'm really just adding to the confusion.

 

[dougfitz]

I very much see your point! But, its the only way of making a reservation. In a - what we think is a - properly secured web page.

It's a conundrum. However, my recollection of earlier reports on the Booking.com scams is that people responded to an email or the like that suggested it came from the property that they had booked, and that communication provided a mechanism outside of the Booking.com messaging system with which to respond, which they did.

I don't expect that people consistently read the details of terms of service, etc, even when they click on the acknowledgement button saying they have. So I expect that there will be many people out there that might not even be aware that Booking.com even has a messaging system that they have implemented to ensure secure communications between clients like us and the properties. While it may not be our role to inform Booking.com's users about these things, I think it is worth ensuring forum members know about the protections that have been put in place. It also adds balance when reporting that people have been scammed, and there is the inevitable uncertainty about how to protect oneself.

 

[KariannNor]

Well, now I have said in many posts that it is not only those who are contacted, it is the booking itself that is hacked. I have no idea how, but I have been advised not to use them. I have no idea how people should protect themselves either. In any case, I have spoken up.
And no secure communication exists, I have called accommodations directly that have not received the same information. I don't think I can explain it any further.

 

[CWBuff]

@Rick of Rick and Peg - I will answer: its a Latin "C" becaus the whole word it is in is an English word

 

[CWBuff]

And no secure communication exists,

And as I have alluded to couple of times in other threads - just wait til these criminals REALLY hone-up the usage of AI that some 'dreamy people' keep on pushing forth as one of the most wonderful things that could ever happen to humanity!
NOT!!!!!

 

[KariannNor]

And as I have alluded to couple of times in other threads - just wait til these criminals REALLY hone-up the usage of AI that some 'dreamy people' keep on pushing forth as one of the most wonderful things that could ever happen to humanity!
NOT!!!!!

Sadly, but I suspect you hit the nail on the head there..

 

[Richard Smith]

Or go get your beverage of choice and wait serval minutes for the first call to really disconnect before calling.

Good general advice for all scams, which often use an artificial sense of urgency.

 

[trecile]

Has anyone who has received a false email talked with Booking to see how widespread this scam is?

Booking.com does know. I haven't received one of these phishing emails, but I did receive this from Booking.com.

 

[KariannNor]

What's the point of a discussion thread where you don't read through the posts what has already been said?

 

[Pilgrim9]

... and pay close attention to all digits 1 is not I, 5 is not S and 0 is not O (and vice versa) - that's just the tip of the 1C3B3RG

Yes.

For decades I worked in a technical field where communication errors and ambiguities were quite simply unacceptable due to the potential deadly consequences. To help avoid ambiguities, I used only the Consolas font because it provided a clear visual differentiation between 1 and l, and between 0 and O.

Regrettably the device I am using at this moment does not provide that font, but you can see it here:

Consolas font family - Typography

Typographic info for the Consolas font family

learn.microsoft.com

 

[grayland]

Frankly....I am just avoiding using Booking at this point. I am certain that Booking itself is not the doer (bad guy)..but the bad guys are using something within the Booking data or system to obtain information to use for phishing.
I just will refrain until this goes away.

 

[David]

A scammer cannot take your money or details, they can only invite you to hand them over .. an unexpected email or phone call? Don't respond. Close that and then go directly online to the bank or whomever else in question.
I don't book holidays but were I to book a holiday through any company I certainly wouldn't respond to any request to go outside that company to hand over money or details - why would anyone??

 

[judydaisy]

Both of these threads involve Booking.
If I understand right they (scammers) have knowledge of a booking that has been made.
The information of the reservation indicates that the scam is getting info from Booking data base or insiders at some level at Booking.

Has anyone who has received a false email talked with Booking to see how widespread this scam is?

I may be confused as to how this has gone down.

I spent hours, when I was scammed in January, looking for a contact number or email in order to contact a real person, not a robot in Booking.com. I eventually gave up. Grrr

 

[Rick of Rick and Peg]

Good general advice for all scams, which often use an artificial sense of urgency.

The only time I got caught by scam artist was with an email I felt I had to answer quickly. Luckily they were just fishing for suckers. I was then deluged with the real scams but they were so poorly done the header information that the email reader presented in the new mail message was enough to give them away.

 

[Camino Chrissy]

Booking.com does know. I haven't received one of these phishing emails, but I did receive this from Booking.com.

View attachment 164833

If this is a legitimate message from Booking.com, it seems everyone who has the App and has already booked with them this year or last would have received this same message to alert of scams. I find it a little odd that they are asking you to click on "anything" to determine the type of scam a person has had.

Just a thought I had...I'm not saying for sure that the message isn't legitimate, but the one I had showing I had canceled a booking when I had not, looked entirely official on both my app and in the email.

 

[David]

If this is a legitimate message from Booking.com, it seems everyone who has the App and has already booked with them this year or last would have received this same message to alert of scams. I find it a little odd that they are asking you to click on "anything" to determine the type of scam a person has had.
Just a thought I had...I'm not saying for sure that the message isn't legitimate, but the one I had looked entirely official on my app.

I'm not opening that!!

 

[K_Lynn]

Banks "phoning you" - is a scam, banks don't do that. The trick is they say to prove they are really your bank to put the phone down and phone your bank direct. A different person answers - but!! they do this on a landline and don't actually put their phone down so when you phone in you just go back to them - so NEVER do that.
Just log in to your bank and see if there is a warning there for you.

In my experience, yes, banks will call. My bank called me a few years ago to let me know that my credit card had been compromised. I was immediately suspicious because the phone number they were calling from was not shown on my phone and they wanted me to confirm my CC number and birthdate. I hung up, called my bank and contacted the fraud department and yes, my card number had been skimmed by a taxi company, the bank cancelled my card and issued a new one.

 

[Barbara]

Or visit a "bricks-and-mortor" branch of the bank, with your identification, and inquire in person.

We don't all have actual physical banks, and even for those who do, they might not be all that close. As in maybe another country.

 

[WGroleau]

So happy with this service from the bank, the card was closed immediately when they discovered it and I get a new one in the mail.

The chance of such a fraud happening while you are still in the same country is one of the reasons for the recommendation that you carry cards from two different banks. Another reason (happened to me) is that an ATM or POS might be unable to connect to one bank while it works with the other.

 

[Esperanza]

Here’s a detailed and technical explanation of the scam:

Scamming Booking.com clients through hotel accounts

How scammers use compromised hotel accounts on Booking.com to steal banking data from the hotels’ clients.

www.kaspersky.com

Long story short, the hackers are getting into the hotel computers to access clients’ travel information and using very sophisticated fake booking.com messages and websites to trick people into giving them their credit card info.

To protect yourself, don’t respond to any messages that your reservation has been or is about to be canceled. Instead, check directly with the hotel (but don’t use the contact information from the suspect email). Don’t ever resubmit your credit card information. And change your password right now.

 

[David61]

Banks "phoning you" - is a scam, banks don't do that. The trick is they say to prove they are really your bank to put the phone down and phone your bank direct. A different person answers - but!! they do this on a landline and don't actually put their phone down so when you phone in you just go back to them - so NEVER do that.
Just log in to your bank and see if there is a warning there for you.

Sorry to correct you but banks in the UK do call you if they suspect a scam. At least First Direct does as they have had cause to phone me three times. A couple for small uses of my credit card which they caught and the third was a biggie. I asked what I could do to avoid this and they said a member of their security team would phone me. Soon after the phone rang and a lovely woman chatted away and then said " Before we begin could you just give me your password?" I laughed out loud and said "You just rang me, not a chance" and she said I should call her back on the main line which I did. Answered by a random call handler who said Hello, yes she is expecting you, will put you through. Turned out she was the head of security. We had a long chat and went over my security and she was quite happy I was doing what I could. Then she told me that even she had been scammed and invited me to guess from where? M&S, a large chain of stores in the UK, some say upmarket. Turned out that when stores give you a card receipt and it is blanked out their copy is not blanked out but most stores do not use these, it is all automated so they just throw them away and some wiseguy decided to go through the bins and collect the details.

 

[Rick of Rick and Peg]

We once were called by our credit card company. They told us our card had been used illegally. We had no idea. They knew because it was by one of their employees who, if I remember correctly, used it to purchase something in Mexico. Our card wasn't the only one used this way. They sent us new cards with new numbers.

 

[camino07]

My bank in Australia phoned me while I was transferring euros into my new Wise card. Stated this was the fraud dept and had I just transferred a large amount into Wise. I was very thankful to them for keeping an eye on my account.

 

[DenWhite]

My bank in Australia phoned me while I was transferring euros into my new Wise card. Stated this was the fraud dept and had I just transferred a large amount into Wise. I was very thankful to them for keeping an eye on my account.

Very Wise to use Wise O/S

 

[Molly Cassidy]

My bank (N26) which operates all over Europe gives me, as well as my physical debit card, a virtual card. This can be used for online transactions and, I think, for payment through Google or Apple Pay.

The advantage of the virtual card is that if you have an issue when away from home, you simply cancel the card through the app and instantly generate a new one. You don't need to somehow receive a new card from another country.

 

[Esperanza]

Yes, that type of electronic credit card is also available from some banks in the US. Very handy when new because there’s no waiting for the physical card to arrive, and a lifesaver if you need a new card while away from home.

 

[ShoshTrvls]

"Help! My London Rental Apartment Vanished and I’m Out $3,100."

Following instructions she thought came from Booking.com, a woman wired payment for her planned eight-day stay to a bank account in Bilbao, Spain. It was a scam. She blames the company, but does she also bear some responsibility?

https://www.nytimes.com/2024/02/22/...-share&referringSource=articleShare&sgrp=c-cb