Booking.com hotel scam- not sure what to do

a web search shows many examples of the booking.com scam. Here's one from Fodors

Hackers first send an email to the hotel, which asks them to click on
a link that downloads malware, reports BBC News. The hacker steals
customer reservation data, credit card information, and other details.
The imposter then pretends to be the hotel and messages guests with
another payment link—from the real Booking.com website or app with a
booking.com id.

In one particular incident, a consumer was contacted by a hotel she booked in Turkey; she was informed that she needed to confirm her payment details or her reservation would be canceled.

If you receive a suspicious email or communication, you should contact
the hotel directly to confirm if the message came from them.

https://www.fodors.com/news/news/hackers-are-targeting-booking-com-with-a-sophisticated-scam-heres-what-you-need-to-know

Contact the hotel directly.

The LinkedIn profile of the “GM” could well be a fake, set up to accommodate this scam.

Why this continues, I don’t know. But a number of us here have experienced this. Apparently credit card numbers are not being hacked from Booking - unless you fall for it and give it to them.

This is mainly to assure you that you are not alone and it is not specific to your hotel.

When is your stay? If it’s not imminent then I would wait to see what booking.com finds out. One of the hallmarks of scams is an urgency to act. Especially without thinking it through. BTW have you checked your credit card statement to see if you have been charged?

Have a great trip!

If you email the hotel directly, they will probably confirm that everything is fine on their end.

This is a scam by a hacker, and it's unfortunate that Booking.com hasn't been able to fix it.

I'm in the group that has gotten this message (once in 2023 and once this year).

Thank you all for responding..
And thank you John, for providing that link.. yes, I saw all over the internet about scam similar to this..
Claudia - Booking.com customer service already contacted the hotel, directly, and they couldn't confirm or deny the legitimacy of this payment request.. they asked, to send the email w/the original message, and that's what CS did, and I am waiting a further instructions..
And Rocket.. my stay is not for another 45 days.. so I have time, and I am in a waiting mode..
And thank you mnannie... still awaiting further instructions from Booking.. I suppose to get a response by tomorrow...

So my question is, if this is legit.. and Booking.com says to pay via the link.. what do I do?? - can I insist hotel take the payment information via Booking?? - they already so no.. so I don't know what my options are.
I am not comfortable doing this... especially, some link from a foreign company and putting all those personal information...... this is non refundable reservations..
I have special 6th sense about scam, but if this is a scam, it is to another level.. looks so real..

You NOT booking.com need to contact the hotel directly.

In 50 plus years of travel have never used a 3rd party. By going direct I get a contact name. Someone I can reference if anything went wrong.

I understand that booking.com is supposed to make life easier but it’s a third party and couldn’t care less.

Also contact you CC company and refute the payment..

Good Luck

This is a scam, and happened to us last year. Verify your payment with the hotel, and you’ll be fine.

Yep- it’s a scam that is happening a lot. Do Not send your credit card info a second time. Directly verify with Hyatt whether Hyatt has a record of your reservation and if they have received payment for your stay.
If they have no record, contact the bank that issued your credit card and dispute the charge for the Hyatt hotel stay letting them know you are a fraud victim.
Personally, if Hyatt has no record of your reservation or has not received payment, I would then start fresh and book a different property with a completely new reservation.

I had similar from vrbo. You handled it great.

They had reservation number, dates, all the info. Scary

I received one of these scams for a Booking.com reservation that I had for my May trip. I almost always reserve my lodging as refundable, so I just cancelled the reservation (it was a few months before the trip). Later, Booking said it was a scam message that came through their site.

”…asking me to submit a payment via this special link they provided.”

That is a huge red flag!

I forgot to mention, if this is a scam, they have an access to Booking message impersonating the Hyatt hotel...
When I reply, I was not comfortable paying via the third party link away from Booking.. they replied next day, saying this is for safety of guests and hotel..

I took the advise of Claudia and contacted them directly via email.. For some reason, when I clicked on "email property" on Booking site, it gets rerouted to the message section of Booking.com.. so if the scammer have an access to the Booking message, we are back to square one..

I looked up my hotel via hyatt website, and got the general info email address to that property and copied the original message..
will await to see if this is legit..

BTW, the link where they are asking me to submit the payment is sipay - which is like Zelle from Turkey... there is an app from Google store for this..

There’s no reason to wait to see if it legit. It’s not. You reported it to Booking. Booking is dealing with thousands of the same scam and is dealing with yours. You smelled a scam and did the right thing.

We received this email last year, yes it is a scam. We just deleted it and never even read it.
As an FYI, we booked an airport taxi through booking.com this past June. They were a no show and we received a refund from booking.com 3 days later. One email to them, no hassles.
When Welcome Pickups cancelled our pickup in Paris cause our plane was less than an hour late, we just got a credit, no refund. Never using them again.

Just a ditto to all of the above; I wouldn't touch that request with a ten foot pole. I've been using booking.com for years and while I've never gotten the sort of message you and others have reported. I'm sure they would NEVER send that sort of request for payment, especially not outside the platform.

Yes it's a scam. You did the right thing.

You’re dealing with Hyatt. Hyatt is not going to do this. If they wanted you to book directly, they would’ve sent you to their website. walk away and quit worrying about it. Booking.com security is pathetic and the hackers have found a way to get to this reservation information it’s why I don’t use them. I know everybody on here thinks they’re wonderful, but they’ve had way too many security breaches for me to be comfortable, giving them my information.

For example, the story below talks about how the scammers are getting the hotels login information to Booking.com and using that to get to your information. Has Booking.com ever heard of multifactor identification? guess not

https://skift.com/2023/12/05/hackers-target-booking-com-partners-with-dark-web-ads-to-steal-from-customers/amp/

Ok... I just spent 30 minutes w/another customer service from Booking.. they put me on hold, and called Hyatt hotel directly, and they confirm that they use Sipay as a payment platform.. but wasn't able to confirm if message came from reservation desk, as nobody was available..
As I was talking with the CS, he just received a confirmation email that it was Hyatt that sent the request.
When I asked, why Hyatt doesn't use the Booking payment system, sometimes they may not get payment information with the reservation request (Which sounds odd)..
The CS states this is all normal, and many hotels do this.. I asked CS to send a request to Hyatt that if they can process via Booking or upon arrival.. - he says he would and we hung up the phone..
Few minutes later, I received a message from Booking.com that Hyatt has rejected this "alternative" payment request...

According to CS, unless I pay via this system, they have every right to cancel my reservation...
Furthermore, the email I sent to Hyatt.. (the email address was obtained from the company website Hyatt.com and not from booking.com)
I received a reply on my inbox.. from the same woman who sent the original payment request.. a GM of reservation.. her email address has @hyatt.com on it.. and reassured that this request is a standard operating procedure..
Since I have non refundable reservation, I must pay via this link..

Okay..
When I first received the payment request, I was 80% sure it was legit.. - it looked so real..
Then when I did research and started this thread.. I was 90% sure it was a scam
Now after this multiple verification, I am 95% sure that this is legit..
Before I submit my payment via this link.. any comments or procedures I should do to protect myself??
Should I do it?? or any different avenue I should take??
thank you

First, I am sorry you are having this stress and all the time it's taking!
Second, I 've been a happy Booking.com user for many years. This summer I had to use customer service for a question and got very little useful support, so at least they are following through.
But I think your best advice is what you received above- cancel within the Booking.com site, in the "reason why" that follows use "other" and "fraud" (although not sure how much space you're given or even the option to add your reason), save the screenshot and then report it as fraud to your credit card company and- start over with another hotel. At least you have time before departure, so that's good.
The challenge is the non-refundable option to which you agreed. OTOH, the reason for using Booking.com as a third party is that they are supposed to pay the property on your behalf. It seems a valid argument to your card company? Ugh.
You haven't said how much the reservation cost, hopefully it's not a lengthy stay there...
Hope it all works out and that you have a safe and memorable trip.

This is a non refundable reservation.. so I supplied all my CC information at the time of booking.
I booked this around a month ago..

Has a charge appeared on your credit card statement?

Hi Bonvoyage, unfortuately, cancelling a non refundable reservation is not an option...
The price has gone up drastically, since I made a reservation, and there are certain travel credits via Booking, that will become worthless,if I cancel this.. plus, I don't want to have stress of fighting w/Booking about validity of cancelling the reservation...

And Joe32F - I made a reservation about one month ago, and Booking states this is a non refundable reservation, and thus, there will be a charge at any time.. I just checked my CC activity, and no charge has been made...

The email from the reservation GM confirms it came from Hyatt.. so I'm pretty sure this is not a scam.. (but who knows?)
and part of the email states..
"We are unable to confirm that credit card belongs to guest. Therefore as our hotel policy, we always send secure payment link in order to collect payment, both for our guests’ and hotel’s safety."

It's possible, I might've used my wife's credit card instead of mine (we have a same account, so we use it interchangeably w/o problems in past).. you think this is what is causing Hyatt request to pay via the link???

Even though the same account, if your two cards have different numbers (as, e.g., my CapOne credit cards and my debit cards when I used to be on joint accounts), that could very well be the issue--name not matching the card involved.

As I was talking with the CS, he just received a confirmation email that it was Hyatt that sent the request.
When I asked, why Hyatt doesn't use the Booking payment system, sometimes they may not get payment information with the reservation request (Which sounds odd)..
The CS states this is all normal, and many hotels do this.. I asked CS to send a request to Hyatt that if they can process via Booking or upon arrival.. - he says he would and we hung up the phone..

Where did you get bookings CS number? Are you positive you are talking to Booking.com?

At the bottom of their home page, under "how we work" it says

1H. Payments

There are three ways you might pay for your Booking:

The Service Provider charges you at the Accommodation.

The Service Provider charges you in advance. We (or our affiliate) will take your Payment Method details and forward them to the Service Provider.

We organize your payment to the Service Provider in advance. We (or our affiliate) will take your Payment Method details and make sure the Service Provider is paid.

There is no mention about the customer ever paying directly except at arrival. Booking.com would not want this as it seems it would make it hard to track their commissions. If the property has issue with bookings system, it sounds like that is bookings problem not yours.

When you first made the reservation, when did it say the charge would go through?

Is your CC info correct on the reservation on Booking.com?

Hi Syd - I got booking CS number on my booking.com app.. it says contact.. and gave me the number.. Yes, the payment request is unusual, but CS from Booking states this is a normal operating procedure..

Hi Mnannie - when I made the reservation one month ago, it says charge would go through "any time".. yes my CC info is correct..

Hi Larry.. yes, that may be the answer.. I used my wife's CC and maybe the CC name doesn't match the reservation..

After many due diligence on this Sipay payment platform, it appears it is legit.. many corporation in Turkey use Sipay for payment transactions.... so I decided to just go ahead and pay via Sipay.. well after 3 tries.. it keep getting error message..The Sipay is saying exp date is wrong (and it is not.. triple checked it)
I keep checking my CC activity and no charge were getting made
Frustrated, I emailed the hotel, asking if I can update my CC information on Booking site that bears my name, maybe that'll suffice??
It's been over 12 hours since I tried Sipay, and my CC activity is still dormant.. (I know I shouldn't have gone ahead and put in my CC info on third party link.. but I did as much due diligence as I can.. and it all comes back as legit..)
I am awaiting to hear back to see if updating my CC info on booking will take care of the problem..

Let them cancel the reservation... I would. I would not bother with proceeding further.

Call your credit card to see if this charge went through

Hi Fred, I thought about let them cancelling the reservation.. but the worst case scenario would be, them canceling the reservation one day before our check in date.. yikes..

So, as I was finishing my work, I get an alert from my CC that somebody from Istanbul hotel had charged my credit card (for the expected amount of the hotel reservation).. and minutes later, I get an email from the GM of reservation that they decided to use the CC as supplied by the Booking platform...
Apparently, when I showed them the problem I was having with Sipay third party payment system (I actually sent them the screenshot of the error message) - they decided just to use the CC that was initially supplied on Booking platform.. I don't know why they didn't do this earlier (they earlier rejected this same request).. They did mention for us to check in, we need to bring the same CC at the time of the check in..
After 5 days of going back and forth, and numerous messages back and forth, I am glad it is over..
Unnecessary stress.. I don't know why they use a system that is a known scam target. This is a literal scam playbook, yet they still insist on using this method..

Things I learned..
1) always make sure your CC name and Booking account matches... never been an issue before on numerous Europe hotels, but in big chain hotels like Hyatt, there is certain security protocol that they follow and not having the same name on CC with reservation is a big flag to them.
2) There actually is a Booking customer service number on the app that I can talk to in real person.. They were not too helpful, this time, but I can see in situation where there is an urgent matter (like Hotel not having your reservation, or Host flaking on your check in date.. etc) - that you can call the 800 number and a CS can try to resolve a problem for you 24/7.(they actually put you on hold, and call the hotel right there and then).. That's one big fear about booking w/Airbnb.. that there is no immediate resource CS number, when emergency happen.. (like Host not showing up for check in.. etc.. in middle of foreign country.yikes...)
3) Always be suspicious of third party link even if it came from Booking message app.. didn't know this was a common scam involving Booking.. Luckily, this was a legit request.. but the process was identical, that one has to do thorough research and due diligence to make sure it's not scam..
For example, believing Booking message app was compromised, I had to search the hotel's reservation email address by going to Hyatt.com and searching this particular hotel, where it published it under "contact us".. I knew it was legit, when the same person replied to the email and verified everything.

Thanks everybody for your inputs.. I appreciate all your comments.. the recommendations kept me more level headed, and I followed many of your advises..

The worst case scenario may be the unpleasant one: take a loss here and move to another hotel , thus extricating yourself from this mess. Don't anything more as booking .com has advised you. If they cannot doing anything regarding the fraud aspect, the investigation, etc, assuming they are sincere, do you think you can?

“ 1) always make sure your CC name and Booking account matches... never been an issue before on numerous Europe hotels, but in big chain hotels like Hyatt, there is certain security protocol that they follow and not having the same name on CC with reservation is a big flag to them.”

This should be a red flag to any place of business no matter how big or small. If I understand correctly from your earlier posts, you made the reservation in your name, but supplied a credit card that was in your wife’s name. In that case the hotel was doing the right thing by contacting the booker and asking them to provide credit card information thru a trusted payment service. What if the credit card information you supplied wasn’t your wife’s, but from some stranger? Or what if someone got ahold of your credit card information, used it to make a hotel booking and the hotel accepted it with no problem?

I don’t think it’s really fair to the Istanbul Hyatt that their name is now associated with a topic about hotel scams. Yes, they could have explained better why they were asking you for the credit card information, but other than that they did nothing wrong and they certainly didn’t scam you.

Hi Dutch_traveler - I agree they didn't scam me (I think I made that pretty clear on my posts)... when I initially posted this topic.. I was 90% sure this was a scam ...especially with this article describing exactly the same thing w/hackers..

https://www.fodors.com/news/news/hackers-are-targeting-booking-com-with-a-sophisticated-scam-heres-what-you-need-to-know

As more information came to light, I realize what the problem was, and I knew this was legitimate.. (I think I mentioned it in several posts, that this was legitimate request)

But when there are so many scam artists using the same tactic to get personal information from you, it does get some unnerving.
I tried to reword the title of this thread to show the updated results..but the edit window passed.
there are many Hyatt in Istanbul, so I wasn't trying to single any one hotel out..
I apologize to you and to Hyatt for perceived connection of word "scam" to that property.. certainly not my intention...