• For 2024 Pilgrims: €50,- donation = 1 year with no ads on the forum + 90% off any 2024 Guide. More here.
    (Discount code sent to you by Private Message after your donation)

Search 69,459 Camino Questions

Beware of Phishing Scam Targeting Booking dot com Reservations

Time of past OR future Camino
2006 to date: Over 21 Caminos. See signature line
Heads UP ON A SCAM. Joe got an email this morning that appeared to be from one of his reservations on booking dot com. It looked quite official. It was asking him to confirm his name, phone number and credit card number. I was suspicious and so I emailed the property and got this reply:

*** Hello Annie It is indeed a phishing attempt by an unauthorized source that got access to our reservations on Booking by hacking our account so if any of you receive a message asking to re-confirm your reservation or to send them your credit card details in the next 12 hours please ignore them and move on. It is all a big fraud. The issue has been reported to Booking and we are already working on a solution for those that were unaware of this evil practice. Thanks for your warning message! We are deeply sorry for the inconvenience. Kind regards, David
 
The 2024 Camino guides will be coming out little by little. Here is a collection of the ones that are out so far.
Heads UP ON A SCAM. Joe got an email this morning that appeared to be from one of his reservations on booking dot com. It looked quite official. It was asking him to confirm his name, phone number and credit card number. I was suspicious and so I emailed the property and got this reply:

*** Hello Annie It is indeed a phishing attempt by an unauthorized source that got access to our reservations on Booking by hacking our account so if any of you receive a message asking to re-confirm your reservation or to send them your credit card details in the next 12 hours please ignore them and move on. It is all a big fraud. The issue has been reported to Booking and we are already working on a solution for those that were unaware of this evil practice. Thanks for your warning message! We are deeply sorry for the inconvenience. Kind regards, David
Thanks for that. I have noticed that they do message you through the website to answer questions etc. so that is an extra layer of protection instead of responding to emails.
 
Heads UP ON A SCAM. Joe got an email this morning that appeared to be from one of his reservations on booking dot com. It looked quite official. It was asking him to confirm his name, phone number and credit card number. I was suspicious and so I emailed the property and got this reply:

*** Hello Annie It is indeed a phishing attempt by an unauthorized source that got access to our reservations on Booking by hacking our account so if any of you receive a message asking to re-confirm your reservation or to send them your credit card details in the next 12 hours please ignore them and move on. It is all a big fraud. The issue has been reported to Booking and we are already working on a solution for those that were unaware of this evil practice. Thanks for your warning message! We are deeply sorry for the inconvenience. Kind regards, David
Thanks for posting. I got one of these phishing emails, too, AND THEY LOOK VERY OFFICIAL, SO BEWARE!!!! It even contained my exact confirmation number.

I'm posting in below a copy of what I received, so people can see how genuine they look. The only thing that saved me was that they sent me 3 identical emails in quick succession, which made me suspicious enough to reach out to the hotel directly. I'm also not sure how pro-active Booking.com is being, so BE CAREFUL!!! Here's the email I received. The original also includes booking.com's logo and what appeared to be a real booking.com return address:


From: "Hotel Wing International Premium Tokyo Yotsuya through Booking.com" <noreply@booking.com>
Date: September 14, 2023 at 5:37:33 AM PDT
To: (email address removed by moderator)
Subject: You have a new message from Hotel Wing International Premium Tokyo Yotsuya through Booking.com
Reply-To:
"Hotel Wing International Premium Tokyo Yotsuya through Booking.com" <noreply@booking.com>


Confirmation number: xxxxxx
You just got a new message from Hotel Wing International Premium Tokyo Yotsuya

Property's message:
Dear guest

We regret to inform you that your credit card has not passed the security check performed by the reservation system and has been marked as invalid. As a result, your reservation may be canceled.

To prevent this from happening, you will need to complete a short card verification process. Please follow this link to start the procedure.


Please note that after you have entered your details, do not leave the page for 5 minutes, our payment system is overloaded and there may be delays, also, after your card has been processed, in some situations you will need to call your bank to authorize the transaction, as well as regularly check your mobile app and confirm the transactions that you have received after entering your bank card.

In accordance with our booking policy, if this process is not completed within the next 12 hours, your reservation will unfortunately be canceled.

We are sorry for any inconvenience this may cause and thank you in advance for your prompt resolution of this matter.

With respect! Hotel Wing International Premium Tokyo Yotsuya
<mime-attachment.png>
Message from Booking : We remind you that you still have not updated your details. Use the link / QR code you received in the chat above and update the information. Otherwise your booking will be cancelled. ⚠️
<mime-attachment.png>
Dear guests, our system is overloaded, please, after you have entered your bank card, wait 5 minutes and do not exit the link, confirm transactions in your bank’s mobile application, or enter the SMS/OTP code
<mime-attachment.png>
Dear guests, our system is overloaded, please, after you have entered your bank card, wait 5 minutes and do not exit the link, confirm transactions in your bank’s mobile application, or enter the SMS/OTP code

Reservation Details
Guest name:
Andrew Cohn
Check-in:
Sat, Sep 30, 2023
Check-out:
Tue, Oct 3, 2023
Booking Number:
Xxxxxx
Total guests:
2
Total rooms:
1
© Copyright Booking.com 2023
This email was sent by Booking.com
Booking.com will receive and process replies to this email as set forth in the Booking.com Privacy Statement. The content of the message from Hotel Wing International Premium Tokyo Yotsuya was not generated by Booking.com, meaning Booking.com cannot be held accountable for the content of the message.
Why did I receive this message?

email_opened_tracking_pixel


 
Last edited by a moderator:
Technical backpack for day trips with backpack cover and internal compartment for the hydration bladder. Ideal daypack for excursions where we need a medium capacity backpack. The back with Air Flow System creates large air channels that will keep our back as cool as possible.

€83,-
I received an email about a week ago, saying my credit card details for one of my upcoming bookings needed to be verified or the booking would be cancelled within 12 hours. Did look official with what looked like a legitimate email address. But I didn’t click. I checked on booking app and there was no message. I reported it though haven’t heard anything back yet.
 
No matter who sends me an email looking for information or payment, or offering me a free trip to Santiago de Compostela 😁 - I take a screenshot before deleting the message and then send a separate message to the company through the contact details on their website. I even do that with Revenue messages. If it is a delivery company - where I live, we all know the guys so it is even easier to check!
 
Prepare for your next Camino on Santa Catalina Island, March 17-20
I received a similar message via Booking.com site specifically under Hotel Roncesvalles. I called the hotel directly and they advised me that it was a scam and that my reservation was intact. Whoa, talk about a breach of security!
 
I had a similar situation happen a few years ago. I received a very official looking email from Bookings asking me for details about my credit card because the approval had been denied. I talked directly to Bookings and they said ignore it. To this day, I suspect it was some hotel employee trying to hack my credit card.
 
The focus is on reducing the risk of failure through being well prepared. 2nd ed.
I have received two of those messages on my cellphone, problem credit card info and my booking would be cancelled within 4 hours if not confirmed.
Click on one of them and was in a chat!
I explained that I would contact booking.com, that it was not the way to go, that I don't confirm.
Not heard from them again.
Checked on my laptop on booking.com.and the messages were there too.
Logged off all my booking.com connections and reset my password.
Contacted customer service booking...no reply....
I use VPN and Bitdefender on my cellphone.
Did a scan no problems.
 
Last edited:
A Treasure Trove Of Interesting Pilgrim Hacks! Learn & Share Your Own Too!
I received an email about a week ago, saying my credit card details for one of my upcoming bookings needed to be verified or the booking would be cancelled within 12 hours. Did look official with what looked like a legitimate email address. But I didn’t click. I checked on booking app and there was no message. I reported it though haven’t heard anything back yet.
I received a similar message that came through booking.com and not via email. It followed a thread of previous conversations with the host so I assumed it to be valid and completed the “card verification” out of trust. They later responded that it was indeed invalid. Checking credit card every day for fraudulent activity but nothing so far.
Booking.com has been non responsive regarding the issue.
 
I received a similar message that came through booking.com and not via email. It followed a thread of previous conversations with the host so I assumed it to be valid and completed the “card verification” out of trust. They later responded that it was indeed invalid. Checking credit card every day for fraudulent activity but nothing so far.
Booking.com has been non responsive regarding the issue.
You mean it came via the messaging function within the app?
 
A selection of Camino Jewellery
I received a similar message that came through booking.com and not via email. It followed a thread of previous conversations with the host so I assumed it to be valid and completed the “card verification” out of trust. They later responded that it was indeed invalid. Checking credit card every day for fraudulent activity but nothing so far.
Booking.com has been non responsive regarding the issue.
Yikes! I would watch your card every day!
 
Yes, I was a victim of this scam one month ago. Like others I contacted the owners and they said they did not initiate. I immediately contacted my credit card company. Two transactions for $110 had been processed. Since I caught this within hours my credit card was canceled and the charges were contested and eventually not paid.

The challenge I faced was I used the old credit card to book 16 reservations for Camino Portuguese. I had to scramble to provide my new credit card on all the reservations. Lesson learned on phishing!

I began Camino Portuguese from Porto yesterday and hike day 3 tomorrow. A bit warm and very sunny. Much fewer pilgrims compared to Camino Frances. One surprise is how many places do not have a sello.

Bob
 
New Original Camino Gear Designed Especially with The Modern Peregrino In Mind!
Checking credit card every day for fraudulent activity but nothing so far.
Booking.com has been non responsive regarding the issue.

Cancel the card and get a new one immediately and save you and your bank some trouble. The thieves will eventually sell on the details and you will eventually get a fraudulent activity.
 
I also got a weird booking confirmation with a credit card declined. It was for a hotel in Sri Lanka, Logged into my Booking.com account and saw the actual booking! Immediately changed my password. Fortunately my credit card info wasn't available, cancelled the reservation. Weird and scary, The issue for me is that Booking.com has been less than helpful about the issue.
 
Yes- we also got this- 2 messages WITHIN the booking.com app.
from the hotel itself a couple of weeks ago.
That our (genuine) booking needed our credit card resubmitted into a link to confirm the booking, or it would be cancelled in 12 hours.
My suspicions were raised- so googled to find an email to contact hotel directly (not through B.com messaging) to ask if this was a scam and to confirm our booking was still needed. The hotel emailed back- they had “a virus” & not to click on the link. Also contacted Booking.com customer service who were vague & non commital.
From searches on internet it seems there are 2 possible thing’s happening:

1. Hotels are sent emails which appears innocent ( eg an enquiry about the hotel) but at some stage in back & forth dialogue, the person at hotel is convinced to click on a doc or link, which downloads Malware onto hotel computer, giving access to their booking.com upcoming details. The scammers then use this access to send a phishing message or email to customers, & it looks legit, as they have got access to the real system from hotel via booking.com

2. Scammers hacking into booking.com directly to send verification for real or fake info to booking.com to customers with link.

Booking.com are very silent on this.

The one we got looked pretty well worded, but had some bits that didn’t make sense when thought about it, & very different formatting between the 2 messages ( 2 hours apart). It also had the typical “scam” approach to add a deadline, (12 hours) which is designed to make people do it quickly without thinking. If I was fatigued, in transit or rushing, I could have easily clicked on the link.
So sorry to those who have- I know how rotten this can make you feel.
 
Last edited by a moderator:
A selection of Camino Jewellery
Booking.com are an absolute shower - I have many dealings with them as I manage a guest house in Stratford-upon-Avon. I would always recommend booking directly with the accommodation of your choice - you usually get the best price and are communicating directly with the owner/manager. That way there is much less chance of falling for a scam.
 
I
Booking.com are an absolute shower - I have many dealings with them as I manage a guest house in Stratford-upon-Avon. I would always recommend booking directly with the accommodation of your choice - you usually get the best price and are communicating directly with the owner/manager. That way there is much less chance of falling for a scam.
For balance I totally disagree. I have stayed at least 500 nights at properties booked through them in last 3 years without 1 issue!
 
3rd Edition. More content, training & pack guides avoid common mistakes, bed bugs etc
Hi I know its not about Santiago, but I got the following SCAM inside the Booking.com APP Notification

Hello, dear guest!

In order to confirm your reservation and guarantee your arrival, we ask you to additionally confirm your card.
Funds are reserved through the reservation guarantee system. You will need to confirm a PUSH notification or SMS code.

To verify and confirm your reservation, please use the direct link in the email.
We thank you for your understanding and look forward to your imminent arrival.

You have 24 hours to confirm your reservation, or it will be cancelled.


LINK - https://booking.check-reservation.info/reservation/320283073

Dear guest, after 2 hours we will send you a request to cancel the reservation, in case of not passing the card verification.

I did try booking.com directly and got a confusing answer. Then I wrote an email to the Hotel directly and they wrote me:
Hello, this is Hotel Bridge Seogwipo.
First of all, thank you for your reservation.
We "never" ask for any of your card information, so please ignore any message as you received.
Thank you.

So always be careful before reenter your card informations.

The linked Web-page https://booking.check-reservation.info wasn't active 2 days later
Analyse von Whois:

Domain Name: check-reservation.info Registry Domain ID: 1a77f4cffc4c4434b0dd14956ee7f65f-DONUTS Registrar WHOIS Server: whois.namesilo.com Registrar URL: http://www.namesilo.com Updated Date: 2023-07-22T01:00:24Z Creation Date: 2023-07-22T00:47:59Z Registry Expiry Date: 2024-07-22T00:47:59Z

Buon camino 😎
 
Heads UP ON A SCAM. Joe got an email this morning that appeared to be from one of his reservations on booking dot com. It looked quite official. It was asking him to confirm his name, phone number and credit card number. I was suspicious and so I emailed the property and got this reply:

*** Hello Annie It is indeed a phishing attempt by an unauthorized source that got access to our reservations on Booking by hacking our account so if any of you receive a message asking to re-confirm your reservation or to send them your credit card details in the next 12 hours please ignore them and move on. It is all a big fraud. The issue has been reported to Booking and we are already working on a solution for those that were unaware of this evil practice. Thanks for your warning message! We are deeply sorry for the inconvenience. Kind regards, David
I have used Booking extensively for 8 years of post-retirement travel in Europe. I ONLY ever work directly in the Booking app (good practice replying to most things that are app driven). Hotels/Hostels/Albergues message/communicate with booking directly through them and you can always do the same. Booking can also reach an accommodation directly on behalf of you if there’s an issue. Stay safe, stay smart. Spot scams!!!
 
3rd Edition. More content, training & pack guides avoid common mistakes, bed bugs etc
I have used Booking extensively for 8 years of post-retirement travel in Europe. I ONLY ever work directly in the Booking app (good practice replying to most things that are app driven). Hotels/Hostels/Albergues message/communicate with booking directly through them and you can always do the same. Booking can also reach an accommodation directly on behalf of you if there’s an issue. Stay safe, stay smart. Spot scams!!!
Hi Robert- our 2 phishing messages came from the hotel booking. within the booking.com App itself. So have to treat the App messages with the same caution as an email or text etc.
 
Get a spanish phone number with Airalo. eSim, so no physical SIM card. Easy to use app to add more funds if needed.
My recent experience with Booking.com is frustrating indeed. I mentioned it above. But now I am locked out of my account. Essentially I received an email about a booking I didn't make. I cancelled the booking, no charges for me, luckily. I sent messages notifying Booking.com, nothing back from them, But now I am blocked from my account for "security reasons." All good except it says to "contact us," when I click the link I can't get anywhere. I don't have a booking number and I can't sign into my account. No other way to contact them. I am loathe to make a new account, just to find out about security. I didn't use them often but it did come in handy at times. I don't think I'll be using them again. My feeling is that they have been hacked in some big way. Be careful with them.
 
Wow. Thank you, @Anniesantiago, for alerting us to this. I am not affected by it as I have no current bookings on Booking.com but this, to me, seems to be a new level of scamming. You and others have already explained that it is the hotel's account that is hacked and that, subsequently, the phishing emails are sent through the Booking.com platform ("The attackers’ message, sent to the guests via the Booking.com platform and also by email from Booking.com, contains a link that leads victims to a meticulously crafted phishing page, mirroring Booking.com’s interface").

An article by Infosecurity Magazine explains it as well. The link to the Perception Point website provides the same explanation but in a more technical language.

 
Get a spanish phone number with Airalo. eSim, so no physical SIM card. Easy to use app to add more funds if needed.
Heads UP ON A SCAM. Joe got an email this morning that appeared to be from one of his reservations on booking dot com. It looked quite official. It was asking him to confirm his name, phone number and credit card number. I was suspicious and so I emailed the property and got this reply:

*** Hello Annie It is indeed a phishing attempt by an unauthorized source that got access to our reservations on Booking by hacking our account so if any of you receive a message asking to re-confirm your reservation or to send them your credit card details in the next 12 hours please ignore them and move on. It is all a big fraud. The issue has been reported to Booking and we are already working on a solution for those that were unaware of this evil practice. Thanks for your warning message! We are deeply sorry for the inconvenience. Kind regards, David
Hello,
I had the same experience two weeks ago after booking some hotels in Nova Scotia. I didn't click on the email, but went directly to booking to check my credit card. It was correct and I didn't make any changes but the email came to me from booking. I answered the hotel and told then not to cancel my reservation. It was a Friday and I could not check with my bank until Monday and that I would pay cash when I got there if this could not be resolved. I immediately got an email back from the hotel saying this was a scam and I had in fact already paid for my first night. I contacted booking through their chat line and told them. I then got an email from booking saying they had nothing to do with it, the hotel had been scammed. This was followed by an email from booking to the hotel telling then about the scam and also for them to fix it.

I then called Booking and spent considerable time explaining that the breach was with Booking, not with the hotel. They were not having it and said that was absolutely impossible, the scam was with the hotel. I knew this not to be true and explained that the email had come through the booking site. They insisted that wasn't true. They sent another email to the hotel advising them to fix their site. I gave up and canceled my reservations through booking and called the hotels to rebook. So far, there has been no breech on my card. This is just a warning that in my case Booking took no responsibility.
 
Last edited by a moderator:
An article by Infosecurity Magazine explains it as well. The link to the Perception Point website provides the same explanation but in a more technical language.

Thank you for the articles @Kathar1na … and Yikes! 🥺
 
New Original Camino Gear Designed Especially with The Modern Peregrino In Mind!
I then called Booking and spent considerable time explaining that the breach was with Booking, not with the hotel. They were not having it and said that was absolutely impossible, the scam was with the hotel. I knew this not to be true and explained that the email had come through the booking site. They insisted that wasn't true. They sent another email to the hotel advising them to fix their site. I gave up and canceled my reservations through booking and called the hotels to rebook. So far, there has been no breech on my card. This is just a warning that in my case Booking took no responsibility.
Perhaps Booking.com ought to take more responsibility. I am not defending them but your belief that you know where the problem lies (namely with the Booking.com site and not the hotel site) does not appear to be based on the facts. Already in the first post of this thread, it is explained that the hotel themselves wrote to their customer that the hotel's account was hacked.

This is how the technical websites describe the approach which is apparently one of various variations of "InfoStealer" attacks.

A cyberattacker makes a reservation with a hotel on Booking.com. He (let's assume it is a male) then sends an email to the hotel in response to the confirmation of his reservation, perhaps with a personal touch like saying that the cyberattacker's son will be accompanying them. The hotel’s employee replies. The cyberattacker sends a follow-up email which is carefully crafted to elicit both empathy and a sense of urgency. For example, they might claim that their son is prone to anaphylactic shock due to specific allergies. In other cases, the attacker could appeal to the hotel’s sense of responsibility towards elderly guests, stating they have parents over 70 and wish to print photos for them during their stay.
Now that a sense of rapport and urgency is established, another email is sent which contains a link, ostensibly containing crucial documents – medical records for their child or an important map they would like to print out for their elderly parents. The link leads to a pack of zipped files on Google Drive for example that, once the hotel staff have downloaded it to the hotel's computer, includes malware that installs itself on the hotel's computer. The hotel's computer is now infected, sends information to the cyberattacker, and the cyberattacker can now send emails to you from the hotel's account at Booking.com that make you believe that they were sent by the hotel's staff.​
 
Last edited:
1. Hotels are sent emails which appears innocent ( eg an enquiry about the hotel) but at some stage in back & forth dialogue, the person at hotel is convinced to click on a doc or link, which downloads Malware onto hotel computer, giving access to their booking.com upcoming details. The scammers then use this access to send a phishing message or email to customers, & it looks legit, as they have got access to the real system from hotel via booking.com
This makes a lot of sense.
 
Ideal sleeping bag liner whether we want to add a thermal plus to our bag, or if we want to use it alone to sleep in shelters or hostels. Thanks to its mummy shape, it adapts perfectly to our body.

€46,-

Most read last week in this forum

I just received a phone call from my bank that my debit card had been used by a foreign, possibly fraudulent website. They opened a case, but could not say which website it concerned, she...
Ok bear with me. The book is weird, but I've started so I'll finish. In the book, about halfway through is this: "I skipped along a mountain path with Ariel beside me. Then I entered a small...
I am a bourbon and cigar lover! I plan on walking my Camino this summer and was wondering if the bars & restaurants along the Camino Frances had Bourbon available? I am not fond of wine and...
A question that is probably obvious. I'd rather not use Booking.com now after being scammed, so I'm wondering how to book via WhatsApp. Do you pay (Paypal?) in advance when you make a reservation...
Hello, I have a question regarding the stamps. For the minimum 2 stamps per day requirement, am I understanding it correctly on the minimum # of stamps required per day? Example: Day 0 -...
Hi! I’m starting my Camino on April 13th, I fly into Madrid and plan to take the train to Léon where I will stay for one night before starting my Camino. I would welcome recommendations on where...

❓How to ask a question

How to post a new question on the Camino Forum.

Similar threads

Forum Rules

Forum Rules

Camino Updates on YouTube

Camino Conversations

Most downloaded Resources

This site is run by Ivar at

in Santiago de Compostela.
This site participates in the Amazon Affiliate program, designed to provide a means for Ivar to earn fees by linking to Amazon
Official Camino Passport (Credential) | 2024 Camino Guides
Back
Top