Almost fell for a scam on booking site ..... be smarter than me.

Thank you for posting. This scares me. I use booking.com and I currently have five hotels booked through them.

I believe that I have a credit card on file with booking.

Did you report this to booking?

There are so many scams out there that i can no longer keep up with them. Recently on the news there have been some scams mentioned regarding travel sites and making reservations but I can not even remember anything. Booking was not mentioned or I would have remembered that.

I do not like receiving links anymore from anyone or any business.

That's concerning. Please report it to booking.com since you were able to see the hotel's message on the booking.com website.

I use booking.com quite a bit and haven't seen anything like that, but I will be on the lookout.

Thanks for the head's up!
I always say the skeptical is my middle name but that one might have fooled me.

Wow, appreciate the warning!

The hotel said that there was an incident with the booking.com platform the other night, and that booking.com would be contacting me personally. I will update when I get more information from them.

I also have several other bookings with the site, and currently no problems or strange messages with the other hotel reservations as of now. My best guess at this point is that the actual hotel was hacked and the scammer's were able to use the hotel's system to interact with booking? (And this isn't my expertise ...... obviously not even close!) Just speculating from what I've been reading online.

Lisuza, impressive catch. Kudos!

Very good perspective Mango Tree, and i agree.

This is very worrying. Since this all looked so close, how in the world did you catch it ??!!

Thanks for the warning.

The same thing happened to us just recently, and I was able to catch it because the false one had the dates of our stay wrong, and because the hotel had already conformed our reservation.

It’s booking.com that was compromised, not the hotel.

Thanks for the warning, Lisuza. I very rarely use booking.com but it's still scary that it can happen.

I was curious how prevalent this is, so I did some googling and found this website, which says that this has been going on for a number of years. It says that for the past 5 years, scammers have been able to access customer reservation details and other private data for phishing purposes. Interesting read: https://arstechnica.com/information-technology/2023/02/mysterious-leak-of-booking-com-reservation-data-is-being-used-to-scam-customers/

Thanks for the heads up. We use both booking.Com and directly with the hotel. When booking directly with hotels it’s usually chains such as Eurostars or Hilton, etc. But it can happen any time and with any chain. We just have to be very careful and Listen to that little ‘UhOh this doesn’t seem right’ voice.
PS - you were very smart, caught the scam before it became a Real problem.

Thank you for taking the time to remind us how careful we need to be.

Ah, Mardee beat me to it. When I told a Forum friend about the confusing email I had from booking.com, she did some snooping and sent me the same link Mardee just posted.

I will say that a day or so after I received the bogus booking email, I did get notice from the hotel in question not to follow up on the scammy one. The valid hotel email said the other that had been sent to me

Was sent by Booking.com by mistake.

I doubt that; but at least the hotel knew about the problem, and urged me not to respond.

Thanks so much for sharing this. I've used booking.com for many many years and only had one minor problem in that time. I had cancelled a reservation about 7 or 8 years ago and then the hotel charged me for it, saying they did not receive the cancellation from Booking. I called Booking and within about 10 days I had the amount credited to my card.
This is a great reminder to always be vigilant even with sites you're familiar with.

Yikes! Thanks for the heads up!

This is why I always book directly with airlines and hotels. Good way to ensure you aren't being scammed! And also, while there may be some deals through third party sites, in my experience, when problems arise, it's easier to resolve things quickly when working directly with the hotel or airline versus a third party.

“This is why I always book directly with airlines and hotels.”

The exact same thing can happen with a hotel. An airline may be better secured. Pretty much anything can be hacked or scammed. As others have said, just have to be vigilant and careful and do what Lisuza did.

Sorry, to clarify my comment. I'm not referring to websites getting hacked, I'm (mostly) talking about when troubles arise after booking something. That is, issues with the airline or hotel while on a trip or similar.

Agree that you can't prevent a legit website from getting hacked, but if it's a scam email going to a bogus site, or a bogus link within a legit website, a funky URL would be one dead giveaway.

Jill M, i agree.

I have received the same scam link from a hotel on Booking.com. Unfortunately, I fell for it. They've forwarded me to the 3D Secure check from my bank where I authorized the payment. It got stuck, so I tried it again.

5 minutes later my bank send out an SMS that they've blocked my card. The payment went to Mercuryo Payments. I have reported it now and the reserved amount dropped to 0 now. I assume my bank cancelled it now.

The scam website is now offline. I assume they've used multiple hacked hotels to scam lots of people. The link was even individualized with a random number.

I received a similar request (credit card details) which appeared to be directly from a hotel in Europe that I had reserved through booking.com. I elected to ignore it. I decided that the establishment had everything that it needed through booking.com’s platform. If it wasn’t satisfied then it should feel free to cancel my reservation.

I received a similar email from a hotel in Scotland. Clicked on the link which looked like bookings site. But started to send message to hotel and noticed they had just sent the below message:

BOOKING.COM GUESTS
PLEASE DO NOT CLICK ANY LINKS ASKING FOR CARD DETAILS. THIS IS A SCAM
AND HAS NOT COME FROM THE HOTEL.
IF YOU HAVE ALREADY DONE THIS, PLEASE CALL YOUR BANK TO STOP ANY
CHARGES.

I received the same scam email. I never click links asking for personal/financial details so I navigated to the booking.com site in a new window and updated my card on file (it had expired so I honestly thought that was the issue that triggered the email). I then messaged the hotel and their response was "This is an automatic message from booking.com. You may ignore this and pay at check-in." So they didn't know it was a scam? Surprising.

This same scam happened to me today. I got a message to my booking.com app - not email - with link to that scamming site. Site even had customer support chat. My booking is to big hotel in Bangkok

This just happened to me from Booking.com - how is it that after all this time booking.com has not sent a warning message to all their customers ??? Surely this is negligent of booking.com to not update their security, warn all their customers and prevent this from happening?

Evidently what has happened in the Hotel fell victim to a hacking attack where their Booking.com credentials are stolen by a hacker. The hacker emails the Hotel's Booking.com account posing as a guest with an attachment in the message. The hotel employee opens the attachment and it takes over their computer. Then the hacker sends these fraudulent messages to guests with future bookings.

Booking.com should be monitoring and removing the internal messages and suspending the affected Hotel accounts until they gain control of their systems again.

I just received one of these this morning. The notice appeared that it was a message sent from one of my B&B’s booked through Booking.com. It said that they were sorry but my reservation was going to be cancelled within 12 hours because there was an issue with the verification of my credit card. Fortunately, this was one I had already paid (although it has free cancellation). I sent a message back that I had already paid on x date, and I have a picture of it if they needed proof.

This is what I received back from them an hour later:

Dear guests,
please DO NOT CLICK on the link indicated and DO NOT ENTER any sensitive data. This is very important. We are solving the problem through booking.com.

We apologize for the inconvenience and thank you for your attention.

Best regards,
Staff

Jean, same for me today - almost the same wording, so a new round is out there. I went directly into the Booking.com app and replied I would not be sending anything via an outside link. Perhaps the hotel received my reply because within 45 minutes I had a very similar response to yours from the hotel.

I would NOT have sent any information but thanks to Lisuza’s post on this (I had not stayed up with recent responses) I was aware of the scam.

I just found this article in The Guardian:

https://www.theguardian.com/money/2023/oct/23/bookingcom-customers-targeted-by-scam-confirmation-emails

OMG, I love the internet and hate it at the same time. Thanks for posting another reminder to be extra vigilant, click on nothing and verify!

Thank you so much for the warning, this is terrifying to hear! 😮 I haven't booked on Booking.com in a while, since I usually prefer booking hotels directly through their websites.
I can totally see how something like this could fool people, though - the scammers are getting so clever with using AI! It's harder to spot the usual signs sometimes.
This is what I usually do - hover the mouse on the link to see the actual webpage.

I was also recently sent an email that looked like Booking.com asking for me to re-confirm a reservation that had failed in part of our trip in Spain. I did have a room reserved in the hotel through Booking.com, so at first glance, it looked real. I checked my records for the hotel booking, and I had a confirmation over a month ago, so this seemed impossible. But contacting Booking.com was very frustrating. They did not seem very concerned and suggested I contact my local authorities. They did not let on that this kind of scam was a known issue.

Molly

Sadly it seems to be continuing. I have just had 2 hotels send me scam messages sending a link via Booking. Com
Yes security never sends me a response. The most upsetting thing to me is that it is not on our media here in the US. The UK and other countries have done reporting often to educate their consumers.Why not the US?