Booking.com customers are being warned they could be sent scam emails and messages requesting payments from hotels who have had their accounts taken over by fraudsters.
Action Fraud said that 532 customers lost a total of £370,000 from June 2023 to September 2024 after they were deceived by the criminals into making payments or sending their credit card details.
They were sent in-app message, emails or Whatsapp messages from a Booking.com account belonging to a hotel they had a reservation with, which had been taken over by a criminal.
The specific account takeovers are likely to be the result of a targeted phishing attack against the hotel or accommodation provider, and not Booking.com’s backend system or infrastructure, said Action Fraud.
Deputy Head of Action Fraud Adam Mercer added: “With more than 500 reports made to Action Fraud, those who have booked a holiday on the Booking.com platform should stay alert to any unexpected emails or messages from a hotel using the Booking.com platform, as their account could have been taken over by a criminal.
“If you receive an unexpected request from a hotel’s account you booked with using Booking.com, asking for bank details or credit card details, it could be a fraudster trying to trick you into parting ways with your money.
“Contact Booking.com or the organisation directly if you’re unsure. Remember to report any suspicious emails by forwarding it to [email protected] or if you receive a fraudulent text message, you can forward it to 7726.”
