Beware of Phishing Scam Targeting Booking dot com Reservations

[Anniesantiago]

Heads UP ON A SCAM. Joe got an email this morning that appeared to be from one of his reservations on booking dot com. It looked quite official. It was asking him to confirm his name, phone number and credit card number. I was suspicious and so I emailed the property and got this reply:

*** Hello Annie It is indeed a phishing attempt by an unauthorized source that got access to our reservations on Booking by hacking our account so if any of you receive a message asking to re-confirm your reservation or to send them your credit card details in the next 12 hours please ignore them and move on. It is all a big fraud. The issue has been reported to Booking and we are already working on a solution for those that were unaware of this evil practice. Thanks for your warning message! We are deeply sorry for the inconvenience. Kind regards, David

 

[CalgaryLynn]

Heads UP ON A SCAM. Joe got an email this morning that appeared to be from one of his reservations on booking dot com. It looked quite official. It was asking him to confirm his name, phone number and credit card number. I was suspicious and so I emailed the property and got this reply:

*** Hello Annie It is indeed a phishing attempt by an unauthorized source that got access to our reservations on Booking by hacking our account so if any of you receive a message asking to re-confirm your reservation or to send them your credit card details in the next 12 hours please ignore them and move on. It is all a big fraud. The issue has been reported to Booking and we are already working on a solution for those that were unaware of this evil practice. Thanks for your warning message! We are deeply sorry for the inconvenience. Kind regards, David

Thanks for that. I have noticed that they do message you through the website to answer questions etc. so that is an extra layer of protection instead of responding to emails.

 

[andycohn]

Heads UP ON A SCAM. Joe got an email this morning that appeared to be from one of his reservations on booking dot com. It looked quite official. It was asking him to confirm his name, phone number and credit card number. I was suspicious and so I emailed the property and got this reply:

*** Hello Annie It is indeed a phishing attempt by an unauthorized source that got access to our reservations on Booking by hacking our account so if any of you receive a message asking to re-confirm your reservation or to send them your credit card details in the next 12 hours please ignore them and move on. It is all a big fraud. The issue has been reported to Booking and we are already working on a solution for those that were unaware of this evil practice. Thanks for your warning message! We are deeply sorry for the inconvenience. Kind regards, David

Thanks for posting. I got one of these phishing emails, too, AND THEY LOOK VERY OFFICIAL, SO BEWARE!!!! It even contained my exact confirmation number.

I'm posting in below a copy of what I received, so people can see how genuine they look. The only thing that saved me was that they sent me 3 identical emails in quick succession, which made me suspicious enough to reach out to the hotel directly. I'm also not sure how pro-active Booking.com is being, so BE CAREFUL!!! Here's the email I received. The original also includes booking.com's logo and what appeared to be a real booking.com return address:


From: "Hotel Wing International Premium Tokyo Yotsuya through Booking.com" <noreply@booking.com>
Date: September 14, 2023 at 5:37:33 AM PDT
To: (email address removed by moderator)
Subject: You have a new message from Hotel Wing International Premium Tokyo Yotsuya through Booking.com
Reply-To: "Hotel Wing International Premium Tokyo Yotsuya through Booking.com" <noreply@booking.com>

​

​ Confirmation number: xxxxxx ​ You just got a new message from Hotel Wing International Premium Tokyo Yotsuya Property's message: ​ ​ Dear guest We regret to inform you that your credit card has not passed the security check performed by the reservation system and has been marked as invalid. As a result, your reservation may be canceled. To prevent this from happening, you will need to complete a short card verification process. Please follow this link to start the procedure. https://booking.com.id102.date/p/0991 Please note that after you have entered your details, do not leave the page for 5 minutes, our payment system is overloaded and there may be delays, also, after your card has been processed, in some situations you will need to call your bank to authorize the transaction, as well as regularly check your mobile app and confirm the transactions that you have received after entering your bank card. In accordance with our booking policy, if this process is not completed within the next 12 hours, your reservation will unfortunately be canceled. We are sorry for any inconvenience this may cause and thank you in advance for your prompt resolution of this matter. With respect! Hotel Wing International Premium Tokyo Yotsuya <mime-attachment.png> ​ Message from Booking : We remind you that you still have not updated your details. Use the link / QR code you received in the chat above and update the information. Otherwise your booking will be cancelled. <mime-attachment.png> ​ Dear guests, our system is overloaded, please, after you have entered your bank card, wait 5 minutes and do not exit the link, confirm transactions in your bank’s mobile application, or enter the SMS/OTP code <mime-attachment.png> ​ Dear guests, our system is overloaded, please, after you have entered your bank card, wait 5 minutes and do not exit the link, confirm transactions in your bank’s mobile application, or enter the SMS/OTP code ​ View messages Reservation Details Guest name: Andrew Cohn Check-in: Sat, Sep 30, 2023 Check-out: Tue, Oct 3, 2023 Property Name: Hotel Wing International Premium Tokyo Yotsuya Booking Number: Xxxxxx Total guests: 2 Total rooms: 1 © Copyright Booking.com 2023 This email was sent by Booking.com​ Booking.com will receive and process replies to this email as set forth in the Booking.com Privacy Statement. The content of the message from Hotel Wing International Premium Tokyo Yotsuya was not generated by Booking.com, meaning Booking.com cannot be held accountable for the content of the message. Why did I receive this message?

​

 

[trecile]

@andycohn - did you also check your messages on the booking.com site?

 

[Former member 104756]

I received an email about a week ago, saying my credit card details for one of my upcoming bookings needed to be verified or the booking would be cancelled within 12 hours. Did look official with what looked like a legitimate email address. But I didn’t click. I checked on booking app and there was no message. I reported it though haven’t heard anything back yet.

 

[Kirkie]

No matter who sends me an email looking for information or payment, or offering me a free trip to Santiago de Compostela - I take a screenshot before deleting the message and then send a separate message to the company through the contact details on their website. I even do that with Revenue messages. If it is a delivery company - where I live, we all know the guys so it is even easier to check!

 

[Saint Mike II]

Thanks, just another reason to book directly with the accommodation venue where you can. Cheers

 

[AZ2Espana]

I received a similar message via Booking.com site specifically under Hotel Roncesvalles. I called the hotel directly and they advised me that it was a scam and that my reservation was intact. Whoa, talk about a breach of security!

 

[naplesdon]

I had a similar situation happen a few years ago. I received a very official looking email from Bookings asking me for details about my credit card because the approval had been denied. I talked directly to Bookings and they said ignore it. To this day, I suspect it was some hotel employee trying to hack my credit card.

 

[Marbe2]

As best practice, any email that asks for personal information, should be ignored and spammed. If in doubt, always contact the company directly!

 

[VNwalking]

Thanks, just another reason to book directly with the accommodation venue where you can. Cheers

This.

 

[willydp]

I have received two of those messages on my cellphone, problem credit card info and my booking would be cancelled within 4 hours if not confirmed.
Click on one of them and was in a chat!
I explained that I would contact booking.com, that it was not the way to go, that I don't confirm.
Not heard from them again.
Checked on my laptop on booking.com.and the messages were there too.
Logged off all my booking.com connections and reset my password.
Contacted customer service booking...no reply....
I use VPN and Bitdefender on my cellphone.
Did a scan no problems.

 

[Jennifer Partika]

I received an email about a week ago, saying my credit card details for one of my upcoming bookings needed to be verified or the booking would be cancelled within 12 hours. Did look official with what looked like a legitimate email address. But I didn’t click. I checked on booking app and there was no message. I reported it though haven’t heard anything back yet.

I received a similar message that came through booking.com and not via email. It followed a thread of previous conversations with the host so I assumed it to be valid and completed the “card verification” out of trust. They later responded that it was indeed invalid. Checking credit card every day for fraudulent activity but nothing so far.
Booking.com has been non responsive regarding the issue.

 

[TravellingMan22]

I received a similar message that came through booking.com and not via email. It followed a thread of previous conversations with the host so I assumed it to be valid and completed the “card verification” out of trust. They later responded that it was indeed invalid. Checking credit card every day for fraudulent activity but nothing so far.
Booking.com has been non responsive regarding the issue.

You mean it came via the messaging function within the app?

 

[Anniesantiago]

Thanks for posting. I got one of these phishing emails, too, AND THEY LOOK VERY OFFICIAL, SO BEWARE!!!! It even contained my exact confirmation number.

​

Yes, Joe also got 3 in a row.

 

[Anniesantiago]

@andycohn - did you also check your messages on the booking.com site?

I have many messages with lodging owners that do not show up in that booking messaging place.

 

[Anniesantiago]

I received a similar message that came through booking.com and not via email. It followed a thread of previous conversations with the host so I assumed it to be valid and completed the “card verification” out of trust. They later responded that it was indeed invalid. Checking credit card every day for fraudulent activity but nothing so far.
Booking.com has been non responsive regarding the issue.

Yikes! I would watch your card every day!

 

[BROWNCOUNTYBOB]

Yes, I was a victim of this scam one month ago. Like others I contacted the owners and they said they did not initiate. I immediately contacted my credit card company. Two transactions for $110 had been processed. Since I caught this within hours my credit card was canceled and the charges were contested and eventually not paid.

The challenge I faced was I used the old credit card to book 16 reservations for Camino Portuguese. I had to scramble to provide my new credit card on all the reservations. Lesson learned on phishing!

I began Camino Portuguese from Porto yesterday and hike day 3 tomorrow. A bit warm and very sunny. Much fewer pilgrims compared to Camino Frances. One surprise is how many places do not have a sello.

Bob

 

[Rita Flower]

Checking credit card every day for fraudulent activity but nothing so far.
Booking.com has been non responsive regarding the issue.

Cancel the card and get a new one immediately and save you and your bank some trouble. The thieves will eventually sell on the details and you will eventually get a fraudulent activity.

 

[Betsybro]

I also got a weird booking confirmation with a credit card declined. It was for a hotel in Sri Lanka, Logged into my Booking.com account and saw the actual booking! Immediately changed my password. Fortunately my credit card info wasn't available, cancelled the reservation. Weird and scary, The issue for me is that Booking.com has been less than helpful about the issue.

 

[TeamGregamy]

Yes- we also got this- 2 messages WITHIN the booking.com app.
from the hotel itself a couple of weeks ago.
That our (genuine) booking needed our credit card resubmitted into a link to confirm the booking, or it would be cancelled in 12 hours.
My suspicions were raised- so googled to find an email to contact hotel directly (not through B.com messaging) to ask if this was a scam and to confirm our booking was still needed. The hotel emailed back- they had “a virus” & not to click on the link. Also contacted Booking.com customer service who were vague & non commital.
From searches on internet it seems there are 2 possible thing’s happening:

1. Hotels are sent emails which appears innocent ( eg an enquiry about the hotel) but at some stage in back & forth dialogue, the person at hotel is convinced to click on a doc or link, which downloads Malware onto hotel computer, giving access to their booking.com upcoming details. The scammers then use this access to send a phishing message or email to customers, & it looks legit, as they have got access to the real system from hotel via booking.com

2. Scammers hacking into booking.com directly to send verification for real or fake info to booking.com to customers with link.

Booking.com are very silent on this.

The one we got looked pretty well worded, but had some bits that didn’t make sense when thought about it, & very different formatting between the 2 messages ( 2 hours apart). It also had the typical “scam” approach to add a deadline, (12 hours) which is designed to make people do it quickly without thinking. If I was fatigued, in transit or rushing, I could have easily clicked on the link.
So sorry to those who have- I know how rotten this can make you feel.

 

[Knit the knits]

Booking.com are an absolute shower - I have many dealings with them as I manage a guest house in Stratford-upon-Avon. I would always recommend booking directly with the accommodation of your choice - you usually get the best price and are communicating directly with the owner/manager. That way there is much less chance of falling for a scam.

 

[TravellingMan22]

I

Booking.com are an absolute shower - I have many dealings with them as I manage a guest house in Stratford-upon-Avon. I would always recommend booking directly with the accommodation of your choice - you usually get the best price and are communicating directly with the owner/manager. That way there is much less chance of falling for a scam.

For balance I totally disagree. I have stayed at least 500 nights at properties booked through them in last 3 years without 1 issue!

 

[Lexicos]

A curse on those responsible.
I hope they never sleep another full night.
Harming innocent people is downright evil.

 

[Anniesantiago]

I guess it's full on right now.
I got the same email Joe got this morning.

 

[Paul-CH]

Hi I know its not about Santiago, but I got the following SCAM inside the Booking.com APP Notification

Hello, dear guest!

In order to confirm your reservation and guarantee your arrival, we ask you to additionally confirm your card.
Funds are reserved through the reservation guarantee system. You will need to confirm a PUSH notification or SMS code.

To verify and confirm your reservation, please use the direct link in the email.
We thank you for your understanding and look forward to your imminent arrival.

You have 24 hours to confirm your reservation, or it will be cancelled.


LINK - https://booking.check-reservation.info/reservation/320283073

Dear guest, after 2 hours we will send you a request to cancel the reservation, in case of not passing the card verification.

I did try booking.com directly and got a confusing answer. Then I wrote an email to the Hotel directly and they wrote me:
Hello, this is Hotel Bridge Seogwipo.
First of all, thank you for your reservation.
We "never" ask for any of your card information, so please ignore any message as you received.
Thank you.

So always be careful before reenter your card informations.

The linked Web-page https://booking.check-reservation.info wasn't active 2 days later
Analyse von Whois:

Domain Name: check-reservation.info Registry Domain ID: 1a77f4cffc4c4434b0dd14956ee7f65f-DONUTS Registrar WHOIS Server: whois.namesilo.com Registrar URL: http://www.namesilo.com Updated Date: 2023-07-22T01:00:24Z Creation Date: 2023-07-22T00:47:59Z Registry Expiry Date: 2024-07-22T00:47:59Z

Buon camino

 

[Robert Nystrom]

Heads UP ON A SCAM. Joe got an email this morning that appeared to be from one of his reservations on booking dot com. It looked quite official. It was asking him to confirm his name, phone number and credit card number. I was suspicious and so I emailed the property and got this reply:

*** Hello Annie It is indeed a phishing attempt by an unauthorized source that got access to our reservations on Booking by hacking our account so if any of you receive a message asking to re-confirm your reservation or to send them your credit card details in the next 12 hours please ignore them and move on. It is all a big fraud. The issue has been reported to Booking and we are already working on a solution for those that were unaware of this evil practice. Thanks for your warning message! We are deeply sorry for the inconvenience. Kind regards, David

I have used Booking extensively for 8 years of post-retirement travel in Europe. I ONLY ever work directly in the Booking app (good practice replying to most things that are app driven). Hotels/Hostels/Albergues message/communicate with booking directly through them and you can always do the same. Booking can also reach an accommodation directly on behalf of you if there’s an issue. Stay safe, stay smart. Spot scams!!!

 

[TeamGregamy]

I have used Booking extensively for 8 years of post-retirement travel in Europe. I ONLY ever work directly in the Booking app (good practice replying to most things that are app driven). Hotels/Hostels/Albergues message/communicate with booking directly through them and you can always do the same. Booking can also reach an accommodation directly on behalf of you if there’s an issue. Stay safe, stay smart. Spot scams!!!

Hi Robert- our 2 phishing messages came from the hotel booking. within the booking.com App itself. So have to treat the App messages with the same caution as an email or text etc.

 

[TravellingMan22]

Hi Robert- our 2 phishing messages came from the hotel booking. within the booking.com App itself. So have to treat the App messages with the same caution as an email or text etc.

Did you get an email as well as the message within app?

 

[Anniesantiago]

Did you get an email as well as the message within app?

I have many many reservations where I get messages in email and when I go to the message section of the app, they are not there so that isn't a good way, imo, to discern a scam.

 

[Betsybro]

My recent experience with Booking.com is frustrating indeed. I mentioned it above. But now I am locked out of my account. Essentially I received an email about a booking I didn't make. I cancelled the booking, no charges for me, luckily. I sent messages notifying Booking.com, nothing back from them, But now I am blocked from my account for "security reasons." All good except it says to "contact us," when I click the link I can't get anywhere. I don't have a booking number and I can't sign into my account. No other way to contact them. I am loathe to make a new account, just to find out about security. I didn't use them often but it did come in handy at times. I don't think I'll be using them again. My feeling is that they have been hacked in some big way. Be careful with them.

 

[Kathar1na]

Wow. Thank you, @Anniesantiago, for alerting us to this. I am not affected by it as I have no current bookings on Booking.com but this, to me, seems to be a new level of scamming. You and others have already explained that it is the hotel's account that is hacked and that, subsequently, the phishing emails are sent through the Booking.com platform ("The attackers’ message, sent to the guests via the Booking.com platform and also by email from Booking.com, contains a link that leads victims to a meticulously crafted phishing page, mirroring Booking.com’s interface").

An article by Infosecurity Magazine explains it as well. The link to the Perception Point website provides the same explanation but in a more technical language.

Booking.com Customers Targeted in Major Phishing Campaign

Perception Point research highlights the extensive reach of this issue, affecting hotels and resorts on a global scale

www.infosecurity-magazine.com

Booking.com Customers Hit by Phishing Campaign

Booking.com users are targeted by a new phishing campaign. Attackers use InfoStealer malware to compromise the the hospitality industry.

perception-point.io

 

[TeamGregamy]

Did you get an email as well as the message within app?

Yes- although email is just one that says you have two new messages - and contains all the same details from the message in the App.

 

[C2G]

Heads UP ON A SCAM. Joe got an email this morning that appeared to be from one of his reservations on booking dot com. It looked quite official. It was asking him to confirm his name, phone number and credit card number. I was suspicious and so I emailed the property and got this reply:

*** Hello Annie It is indeed a phishing attempt by an unauthorized source that got access to our reservations on Booking by hacking our account so if any of you receive a message asking to re-confirm your reservation or to send them your credit card details in the next 12 hours please ignore them and move on. It is all a big fraud. The issue has been reported to Booking and we are already working on a solution for those that were unaware of this evil practice. Thanks for your warning message! We are deeply sorry for the inconvenience. Kind regards, David

Hello,
I had the same experience two weeks ago after booking some hotels in Nova Scotia. I didn't click on the email, but went directly to booking to check my credit card. It was correct and I didn't make any changes but the email came to me from booking. I answered the hotel and told then not to cancel my reservation. It was a Friday and I could not check with my bank until Monday and that I would pay cash when I got there if this could not be resolved. I immediately got an email back from the hotel saying this was a scam and I had in fact already paid for my first night. I contacted booking through their chat line and told them. I then got an email from booking saying they had nothing to do with it, the hotel had been scammed. This was followed by an email from booking to the hotel telling then about the scam and also for them to fix it.

I then called Booking and spent considerable time explaining that the breach was with Booking, not with the hotel. They were not having it and said that was absolutely impossible, the scam was with the hotel. I knew this not to be true and explained that the email had come through the booking site. They insisted that wasn't true. They sent another email to the hotel advising them to fix their site. I gave up and canceled my reservations through booking and called the hotels to rebook. So far, there has been no breech on my card. This is just a warning that in my case Booking took no responsibility.

 

[Former member 104756]

An article by Infosecurity Magazine explains it as well. The link to the Perception Point website provides the same explanation but in a more technical language.

Booking.com Customers Targeted in Major Phishing Campaign

Perception Point research highlights the extensive reach of this issue, affecting hotels and resorts on a global scale

www.infosecurity-magazine.com

Booking.com Customers Hit by Phishing Campaign

Booking.com users are targeted by a new phishing campaign. Attackers use InfoStealer malware to compromise the the hospitality industry.

perception-point.io

Thank you for the articles @Kathar1na … and Yikes!

 

[Kirkie]

I found this a day or so ago. While not immediately connected to the OP, if it expands your awareness, go ahead and read it.

Travel website Booking.com leaves hoteliers thousands of dollars out of pocket

As the website boasts about increased revenue, some partners say they have not been paid for months

www.theguardian.com

If this has already been posted above, forgive me.

 

[Kathar1na]

I then called Booking and spent considerable time explaining that the breach was with Booking, not with the hotel. They were not having it and said that was absolutely impossible, the scam was with the hotel. I knew this not to be true and explained that the email had come through the booking site. They insisted that wasn't true. They sent another email to the hotel advising them to fix their site. I gave up and canceled my reservations through booking and called the hotels to rebook. So far, there has been no breech on my card. This is just a warning that in my case Booking took no responsibility.

Perhaps Booking.com ought to take more responsibility. I am not defending them but your belief that you know where the problem lies (namely with the Booking.com site and not the hotel site) does not appear to be based on the facts. Already in the first post of this thread, it is explained that the hotel themselves wrote to their customer that the hotel's account was hacked.

This is how the technical websites describe the approach which is apparently one of various variations of "InfoStealer" attacks.

A cyberattacker makes a reservation with a hotel on Booking.com. He (let's assume it is a male) then sends an email to the hotel in response to the confirmation of his reservation, perhaps with a personal touch like saying that the cyberattacker's son will be accompanying them. The hotel’s employee replies. The cyberattacker sends a follow-up email which is carefully crafted to elicit both empathy and a sense of urgency. For example, they might claim that their son is prone to anaphylactic shock due to specific allergies. In other cases, the attacker could appeal to the hotel’s sense of responsibility towards elderly guests, stating they have parents over 70 and wish to print photos for them during their stay. ​

​

Now that a sense of rapport and urgency is established, another email is sent which contains a link, ostensibly containing crucial documents – medical records for their child or an important map they would like to print out for their elderly parents. The link leads to a pack of zipped files on Google Drive for example that, once the hotel staff have downloaded it to the hotel's computer, includes malware that installs itself on the hotel's computer. The hotel's computer is now infected, sends information to the cyberattacker, and the cyberattacker can now send emails to you from the hotel's account at Booking.com that make you believe that they were sent by the hotel's staff.​

 

[VNwalking]

As someone else already said, a good reason to contact the albergues or hostals directly either by phone or email.

 

[Richard Smith]

1. Hotels are sent emails which appears innocent ( eg an enquiry about the hotel) but at some stage in back & forth dialogue, the person at hotel is convinced to click on a doc or link, which downloads Malware onto hotel computer, giving access to their booking.com upcoming details. The scammers then use this access to send a phishing message or email to customers, & it looks legit, as they have got access to the real system from hotel via booking.com

This makes a lot of sense.

 

[Molly Cassidy]

https://www.thejournal.ie/booking-com-scam-email-6208026-Oct2023/

See the link for more information.

 

[Mark Day]

Hi,

I just had one from Albergue LaMorena in Ledigos. Luckily thanks to the forum I was aware of the scam.

The Albergue is aware.