Scams targeting Booking visitors
Travelers using the popular hotel booking site Booking.com have received warnings about falling victim to fraudulent emails asking them to confirm their payments at the hotel, after allegations that the site's email system was hacked.
In recent weeks, The Observer has been contacted by a number of customers, claiming to have received fraudulent emails from within the Booking.com system. In each case, the customer had either checked in, or was scheduled to check in, to a hotel they had checked in to. Book it using the website.
Emails sent by noreply@booking.com claim that customers' stay may have to be cancelled, unless they hand over their bank card details via an embedded link. If they fail to do this within four or 12 hours – emails vary slightly – the booking will be cancelled. Email notifications also appeared in the company's mobile app.
Booking.com strongly denied that its system had been hacked, instead blaming the messages on breaches in the email systems of its partner hotels. But the affected hotels complain that this could not have happened through them.
Observer reader Julia Berridge says she was forced to cancel her bank card, after following instructions in an email, which she appears to have received from the site. She was staying at a hotel in Marseille earlier this month for two nights at a cost of 349 euros ($370).
The email containing the fraudulent payment request appeared to have been sent from a standard email address on the bookings website, contained a link to Ms Julia's booking, and came complete with all the details of her stay. She says the fact that a notification of the message appeared in the app on her phone made her think it was real. Although she didn't lose any money, she entered her card details and decided her only option was to cancel her card.