CC info intercepted when booking hotel by email

I usually send my cc information details in two emails to the hotel. I'm not sure I understand how this happened if your first email was to a genuine hotel email address. But it is something to be aware of when emailing hotels to be sure it is a correct address.
Did you have to cancel your credit card?

Email is NOT secure. NEVER email your credit card info to anyone! Emails can be hacked on the other end; the hotel's computer might have malware on it that just sucks up any credit card numbers the hotel is processing on that computer.

Many hotels offer some sort of secure booking system on their website. If they don't (if it's a small hotel or something) but they still want a credit card to secure, I'd call them and read it to them over the phone. See if they have WhatsApp (very popular in Europe) - and if you have a smart phone or tablet, install WhatsApp, sign up for it, and call them that way for free. Otherwise, you can call them for a few cents a minute with say Skype if they have a regular landline phone or something.

Three years ago I booked a room at an inexpensive (but not tiny) hotel in Santander, Spain. Upon arrival I noticed a lot of fat binders shelved near the reception desk. I don't remember why it came up, but I subsequently discovered that my printed-out confirmation was in one of those binders, with the full credit card number shown. I don't remember whether the printout included the expiration date and/or the security code.

I'd call them and read it to them over the phone

How is that any more secure? A dishonest employee can simply write down the CC number on a piece of paper and sell it to a criminal group. Even big companies with their big IT departments get CC details hacked.
At the end of the day there is no way of securely sending CC data, which is why you are protected from fraudulent activity. You just have to take a leap of faith.

*What do people do to prevent such a problem? *

I use a credit card that allows me to generate single-use (virtual) credit card numbers. I can use these with any online purchase, foreign or domestic. Worst case, that one virtual card number is compromised. But the underlying number of my physical card is not and it does not have to be cancelled and replaced.

How is that any more secure?

Because most likely, no one is listening in on a phone conversation recording credit card numbers?

Malware infecting a computer could intercept every key stroke and just send stolen credit card numbers back to the mother ship in Russia or wherever without the hotel even realizing it. Or if the hotel uses web-based email like Gmail, hackers could get into it without even being on the same continent as the hotel - and the hotel would be none the wiser. Doesn't require a "dishonest hotel employee."

A hotel employee keying in a credit card number over the phone into the hotel's secure credit card terminal would be a whole lot more secure than sending a credit card number in an unsecured email message.

I know of people that have had their email accounts hacked. I got an email from a person's legitimate email address, and when I responded, another email asking for money. I noticed the reply email was a slightly different address. So it is very possible that the hotel's email was hacked and they just waited until there was an email exchange, and then emailed you from an account with a slightly different address.

Under that scenario, the ole "send the CC number in two emails" routine would be worthless (it always was frankly).

It would still be rare for this type of hacking to occur, but obviously does happen. You would be safest to call them directly and give it over the phone, but of course a hacked email could give you a phone number to call and scam you that way.

The reality is that if your card is compromised, you lose nothing other than some inconvenience. Do whatever seems best for you and always be alert to the emails you get. I'd be faaaar more worried about clicking an email link that then infected my computer than having my CC data stolen.

I was hesitant to send my CC info on an email while booking the pre-day in Haarlem. I asked the hotel how to work through this issue and they said either to call them or use booking.com. I used booking.com and booked the pre-day at the same rate I was quoted. Seems to me that they should have another solution which doesn't cost them money. They knew we were with the RS tour too.

I recently sent credit card information in 3 emails to get a discount for an extra night before an RS tour. Instead of using the reply function, I sent fresh emails. I think calling would be less risky, but the time of day wasn't right. I was a little worried that the hotel would have trouble figuring out the information as it wasn't labeled, but I received a prompt confirmation. Life is risky, but not all life has the same protection as credit card fraud.

A dishonest employee can simply write down the CC number on a piece of paper and sell it to a criminal group.

That is a possibility whenever you use a credit card.

I just call the hotel

Try Booking.com. They also allow you to cancel closer to the arrival date, if you need too.

We have switched to Booking.com unless the hotel provides a secure website. This sending CC info by email makes no sense anymore. If the hotel can’t be bothered to provide security for prospective guests, I’m headed elsewhere.