Some links to products and partners on this website will earn an affiliate commission.
Even the most alert person can occasionally be scammed on the internet. Although it’s easy to mock those supposed Nigerian princes wanting to share their wealth, one does tend to be a bit more believing when the email or phone messages contains real information that only a legitimate sender ought to have. One such scam appears to be taking advantage of the Online Travel Agency Booking.com.
I originally clued into this problem via the Spanish blog InfoViajera – and then received many reader comments when writing about it on the US version of Insideflyer. And since we recently wrote about a lucrative cashback offer involving Booking.com, I realised I needed to inform our UK readers as well…
Booking.com appears to have been hacked. After booking a hotel or apartment through the Online Travel Agency, the guest is being approached – usually via Whatsapp message – informing them that their payment has been declined. As a result, the “property” is asking them to make payment outside of Booking.com. Sometimes this involves a webpage that looks nearly identical to the real Booking.com website.
Many readers would undoubtedly notice the red flag and delete the message immediately, except that it typically contains:
- The full name of the guest
- Their phone number
- The property being reserved
- The exact dates of the reservation
- The exact amount of the reservation
And if you are accustomed to having online credit card payments declined from time to time – especially in foreign countries off the beaten track – then you can easily fall into the trap.
What is Booking.com Doing About It?
Judging by the various comments I’ve read, Booking.com claims that all is fine and that the issue is local to each property. Disturbingly, however, the prevalence of this scam suggests that:
- Booking.com has been hacked – allowing somebody access to Booking.com reservation (but crucially not payment) information
- Dozens of smaller Booking.com properties have employees operating (or falling for) a phishing scam
I can’t think of any other access point for somebody to obtain every relevant detail of your accomodation reservation…
Bottom Line
If you are asked to make payment outside of the booking platform, it is surely a scam. Even so, some scams look more realistic than others…
Have you received a similar message after making a reservation? Let us know in the comments section…
Hi – today I received an E-mail purporting to have been sent by Booking.com. The giveaway, surely, must be the misspelling of “giftbookiing” in the sender’s E-mail address, which is:
[email protected]
There are also some grammatical (i.e. punctuation) errors.
The E-mail informs that I am “one of their most valued customers”, also that a booking (which was done by me last week) has earned credits of $265, which will be paid into my bank account. Details of my “complete address” are requested via clicking a link in the E-mail.
I have tried to cut and paste the E-mail into this message, but most of the wording in it becomes encrypted when I attempt to do so. i therefore transcribe it as under:
Your credits are now available for withdrawal
Update your details to receive your reward.
Hi [my E-mail address],
We hope this letter finds you well. As one of our most valued customers, we wanted to express our gratitude for your loyalty to our business. To show our appreciation, we are pleased to inform you that we have sent you $265 as a token of our appreciation.
We understand that you may have questions on how to claim this reward, or if you are eligible. Rest assured, this reward has been sent specifically to you, as a thank you for your continued patronage of our business.
How to claim
• To claim your reward, simply follow the link
it will take you to our website, Please follow
the instructions provided. Once you have
claimed the reward, you have the option
to withdraw it to your bank account.
Below the “How to claim” paragraph is the following:
_____________________________________________
265 USD [Travel Credits]
Action
Preferred Plus Travel needed
Credits
__________________________________________
Status: Add your complete address
Details: To receive your reward, add a complete
address (including your country) to your account.
Expires: Mar 25, 2024
_____________________________________________
___________________
Go to Rewards & Wallet
___________________
Booking.com
Herebgracht 597, 1017 CE Amsterdam,
Netherlands
This email was sent by [email protected]
Not interested? Unsubscribe / Manage Preference/ Update Profile
‘
Gazoulou / frouda banse 22234
Yes, fairly obvious scam…
I had this same email as well, obviously a scam.
I recived this whatsapp massage after i reserved the apartment on booking.com and at there website everything is confirmed with payment….
: Another situation, we received an email from Booking that they were unable to confirm your card and your reservation will be cancelled shortly.
To complete your reservation of our apparatuses, you need to click on our invitation link and follow the instructions: https://booking.complete-reserve.com/payment/6744921974
To verify your card you will be charged the reservation amount and immediately refunded. Card verification allows us to verify that the cardholder actually has the ability to pay for the reservation.
After confirming the reservation with our invitation link, we will be able to fully manage the reservation, eliminating automatic cancellation.
Regards, Reservations agent Amber 🌸
Hi, I received the same. What did you do? Im
I received the same message today and I was to believe it because the message was sent through the booking app via chat with accomodation.
The link led me to a page with 3 steps to confirm reservation. I felt insecure because the third and last step asked once again for credit card information. I had already given credit card information as guarantee when I first made the reservation months ago.
Minutes after this, I received another message through the same booking chat inside the app from the hotel. It said they were sorry and aware someone was using the facility to scam customers. It asked me not to give personal information and refrain from clicking any links.
Luckily I had alreary clicked the link but did not complete filling credit card info. I hope I don’t get other problems.
I am having problems to contact the hotel though because I no longer trust the booking chat and the hotel is abroad (Colombia) making it difficult for me to call their phone. I am brazilian.
I received this same message today. It’s concerning they are able to get into the booking.com system to scam people. Probably a good reason to book directly with the hotel instead in the future.
I had a message yesterday via the Booking.com app chat function – it appeared in the perpetual chat with previous chat history so easy to see why people may fall for this. It suggests booking will be cancelled within 24 hours if you dont act (red flag), says Dear Valued Customer (another red flag when they have my name) and then asks or card details from a very legitimate looking website. The propety say it’s not from them, booking.com say it’s not from them either!
I received the same and been charged my account three times. And all came from booking.com website. Booking.com and the hotel must be responsible for not securing the site. They dont have any answer how they will return my money.
Dear Valued Guest,
Due to an update of the booking rules, we are forced to request an additional confirmation to guarantee your arrival.
This procedure will take no more than 5 minutes.
You have 24 hours to confirm your reservation, otherwise it will be cancelled by the booking system itself.
Please, follow the personal link: https://booking.procesz.cloud/240204499
IMPORTANT!
Prior to commencing the verification process, we kindly request that you review the limits set by your bank and ensure that your card balance is sufficient to cover the equivalent amount of your reservation. Please be aware that a microtransaction will occur, deducting the total sum of your booking. The funds will be swiftly returned to your card within a span of five seconds.
Best regards,
Holiday Inn Express & Suites Nassau, an IHG Hotel
Just got into the same situation. Received a message from property owner via booking.com. Suspected something, but since the message was sent via chat at booking.com, I followed the link and was charged for the whole amount. They tried to do it one more time saying I was late entering OTP, but at this stage I suspected scam and decided to hold on.
Now in the process of communicating with the bank and booking com to try return my money.
I have just been done with same scam, person posing as the hotel manager send me a whats app message to verify my card details and then 2 email from [email protected] which seemed genuine. The link takes you to the booking.com app, where it actually stated verify card details. I have been charged twice £755.21 and £486.32.
Booking.com
I got this same one last night , I trusted it but luckily didn’t approve the payment in my banking app…the message came from the booking.com messaging through the app.. this is very disconcerting when you can’t trust the phone app/genuine website – all the crooks have to do is infiltrate the receiving hotel with a single dodgy employee.
it was the urgency of the language that tipped me off that someone was not right. I froze my card and have ordered a new one. Still waiting to hear what investigation is going to happen from booking.com
Hello,
A similar thing happened to me last night through the booking application on my mobile phone. I thought it was ligit, since it was a message on the booking app and I went forward with the payment. It was quite late at night, i panicked and contacted the hotel, which obviously knew nothing about it. They said they experienced issues with Booking.com, but could not tell me more about it. I got scared and blocked my credit card. I have now contacted my bank and the local police. However the payment has been made now and i am still waiting for a feedback from Booking. Who will refund this money? Is the booking platform trustworthy or is this a big issue, that they are facing? This is undoubtedly a fraud and something needs to be done about it. The payment went through Moonpay. Did this happen to you too?
If anyone has collected information about this or heard anything back from Booking, I would really appreciate, if they could share this information with me.
Thank you and best wishes
Emma
There are many comments worth reading through, with cases such as yours.
It seems that Booking.com will refund you if you have a police report and can show that the scam came through official booking.com channels. You might need to be persistent with Booking, though…
Same thing happened to me … message came from booking.com app … thought it was a bit weird but again didn’t know if it was a foreign credit card issue as I am booking something in Korea but I live in N. America. I’ve encountered issues previously with many establishments only taking Korea credit cards. The page that asked for info looks exactly like what’s on booking.com and once I entered my info, I was then re-directed to another page. That page didn’t even ask for any info but has a real time chat (or what it seems) and said please stay on the page as their system is slow. It also says they will refund my card right away after it’s been charged. I got a notification that my card was charged pretty much right after I got re-directed away from the “booking.com” page. I didn’t see a refund com through… so I messaged the hotel via booking.com chat and then hotel told me it’s likely a scam. It’s definitely disconcerting that the scam message and legit message are all in the same place. Booking.com has not been very helpful thus far. The customer service rep was cheeky and basically said it’s the hotel that compromised the system. I’ve contacted my credit card company to contest the charges… will have to see what happens.
Got this one today.
Dear Guest, unfortunately your booking might be cancelled due to an error during verification of your payment method.
Usually in this case Booking asks to verify your payment method and confirm your identity as a holder.
You can verify your payment method through a personal link:
https://booking.reserv-information-confirmed.com/p/6617841396
– Please enter your payment details and wait for verification!
– Booking will charge your payment method with your reservation amount, and in a minute will credit it back – this is your payment method verification!
(Payment method verification is not a payment or deposit. You pay directly when you arrive at the hotel).
– If you want to save your reservation, you must do it within 24 hours, otherwise the reservation will be automatically canceled.
Kindest regards,
Montana Flat Yebisu
Received this one from Montana Flat Yebisu as well this morning, but since we were in a rush and didn’t want to lose our booking, unfortunately me and my travel companion entered card data on it, afterwards it said payment was declined and we should try another payment method both times. Should we try and lock our cards or something? Usually we have a second verification going on through our banking apps when using it, but now I’m unsure if that’s always the case and nervous what to do. Would suck to be stranded in Japan with 3 more weeks ahead of us and locked bank cards… please help.
We got the scam message directly through the Booking.com app as well and the writing didn’t even feel off. Of course the website in the link was basically a 1:1 replica of Booking.com
Some US banks will courier a new card to you in Japan. UK banks tend to insist on sending new cards only to the cardholder´s registered address.
At the very least, I would pay very close attention to transactions showing on your banking Apps…
Just got the same message within the booking.com app itself. Entered card details and got reject message so tried another card. Contacted the hotel through the chat app in booking.con and they said scam do not enter card details. No transactions as yet on either card will monitor as these cards usually need auth in bank apps. Worrying from within booking.com phone app through. Would never have entered cards if not within the app itself. Booking.com investigating.
It is December 2023 and this is still ongoing! I received an email from the booking.com domain in a format that was identical to the messaging emails I’d been receiving. It took me to a page that had the exact details of my trip and destination and hitting the root of the Doman even took me back to booking.com. These guys have either been massively compromised or this is an inside job.
They use this email address to contact me:
To: —- my personal email.
Subject : Bookinnig Info
Update your details to receive your reward:
Hi —–
We hope this letter finds you well. As one of our most valued customers, we wanted to express our gratitude for your loyalty to our business. To show our appreciation, we are pleased to inform you that we have sent you $256 as a token of our appreciation. We understand that you may have questions on how to claim this reward, or if you are eligible. Rest assured, this reward has been sent specifically to you, as a thank you for your continued patronage of our business.
How to claim:
To claim your reward, simply follow the link it will take you to our website, Please follow the instructions provided. Once you have claimed the reward, you have the option to withdraw it to your bank account.
256 USD – Travel Credits
Preferred Plus Travel Credits. Action Needed
Status: Add your complete address
Details: To receive your reward, add a complete address (including your country) to your account.
Expires: April 15, 2024
Go to Rewards and Wallet
Booking.com
Herengracht 597, 1017 CE Amsterdam, Netherlands.
We had one yesterday staying near Paris in a fortnight started asking if we needed transfers to the accommodation which seemed plausible. Told them we didn’t but have been having lots of WhatsApp messages asking for payment or our booking will be cancelled have just ignored them
Just received the WhatsApp msg also regards of our stay in Paris next month. I obviously contacted Booking.com to make them aware of the issue and did not click on the link they sent via WhatsApp but was wondering now if the property we booked is still available to us and we will be safe there. When is your holiday?
Assuming that you booked an actual hotel, your booking will be fine. You can always Google their phone number and call to confirm.
With flats/apartments, there’s no guarantee that it actually exists when scammers get in touch…
I believe that I was the subject of a phishing attempt in relation to a booking.
The person that contacted me via WhatsApp had the booking details and started by asking if I needed help with anything, this eventually led to there being a need to confirm my credit card and them sending me an e-mail which looked official.
I only became suspicious when it wouldn’t accept the 4 digit security number for an Amex Card.
I received an email VIA Booking.com’s messaging system itself, from Leonardo hotels (formerly Jury’s Inn) with a link to enter my payment information. The link wasn’t an obvious scam, but as someone who is slightly more tech savvy, it felt quite off. What made it seem legitimate is obviously that it came from Booking itself – you can see the message on your account, and obviously the automatic e-mail that gets sent when a message is received was from Booking.com. It also included my full address and name – worringly.
It appears Leonardo hotels, or at least a specific location, was compromised. I can’t begin to imagine how many people would have entered their details, as it’s from a completely trusted source. They confirmed over the phone that it was a scam (both Leonardo hotels and Booking.com customer services). Very worrying. Will follow up with both companies, as it’s shockingly poor.
This appears to be a step above what is listed here, but a Google search turned up this article highest for me.
I had a similar one today with a text sent to my what’s app and two links appearing on my booking.com account. They were asking for my credit card details again to confirm my identity or I could lose my booking -it felt very off , I then got a note from my bank sending me a code to authorise a payment in Bulgarian currency -I rang booking.com immediately and they told me all was confirmed and not to authorise this additional verification -be careful!
I had a similar emails regarding confirming credit card details. One from Booking .com and one from “Pass the keys” who release information regarding gaining access to the rented property. After nearly complying, had a phone call from Pass the Keys to tell me Booking .com had been compromised/hacked and not to entre any more card details.
On top of this, a company called “Superhog” insist on personal identification , i.e. The want a photo of my Passport and driving licence before releasing access details for the property. I refused and said these details could be used for identity fraud. Eventually, they agreed to accept a copy of a recent utility bill in my name. All this to rent a cottage for two nights.
I will never use Booking .com again.
I fell for this one today and see myself as being pretty clued up. Everything came through the booking.com app itself with all info legit and the link to pay was a booking.com link. Feel like an absolute fool but booking.com have to start taking responsibility for this. Clearly their security is compromised. I’ve reported to my local police and my bank but who knows if I’ll get any money back.
I feel for you Leigh, I was seconds away from falling for it too. So easily done because booking.com have clearly been compromised and nobody is holding them to account.
Thanks. I really appreciate that – was a particularly devious one and caught me at a vulnerable moment. Trying to fight my way through the customer service mess and may seek advice on it if pushed to. Their shirking of responsibility is pretty grim.
I have fallen for it as well and now I am desperately trying to find out what to do. I tried reaching out to customer service, but it seems that they do not want to take any responsibility for it. I have also reported the scam to the fraud department in the bank so let’s see what happens when they investigate further the transaction. Do you have any advice on what else I can do? I would really appreciate if anyone who was in a similiar (unfortunate) situation can share some hints/information. Thank you in advance
Hi Leigh,
Did you manage to get your money back? I feel for this yesterday too…
Update: after first reporting to police (couldn’t do anything) and my bank (couldn’t do anything as I used an OTP), booking dot com have finally given me a full refund. I had to submit a lot of screenshots plus evidence that the police and bank were informed. Bottom line is that you should keep pushing, get the required police/banking reports and give them all the evidence that you have. Good luck everyone!
Another “fool” here… I got a message from the property trough the Booking.com reservation chat that asked a card for a preauthorization, leading to a page looking exactly like Booking.com website: I thought that the chat section was private and secure, which means that only guest and hotel can see it… probably it was hacked!
I have filed for a chargeback from the bank: the answer was that they cannot do anything as the transaction was a bank transfer. I reported the case to Booking.com and hope that this claim goes well like yours!
I think the responsibility has to be shared between the platform and the hotel: I may agree that they cannot do anything if you received an email or a whatsapp message but the scam in my case came directly from the “safe” chat of Booking.com!
I think that if they (hotel or/and platform) had a breach in their system, they should be held accountable!
Have you had any luck retrieving your money? This happened me yesterday 😭
UPDATE: After some calls to the customer service, Booking gave me a full refund!
I found a very kind and helpful assistant that filed all the necessary forms for me to get the refund. It is very important to get a report from the Bank that states the impossibility of the chargeback procedure.
Thumbs up for Booking.com!
P.S. My case was a phishing message from the hotel on the official private chat of the Booking reservation… I do not know how they would deal with a phishing email or Whatsapp message.
Got an email with a copy of my Hotel Invoice from a scammer that babbled a bit too much to be believable. Said there was a problem with my card and I would lose my Hotel booking in Bulgaria within 24H. I phoned the hotel – NO PROBLEM WITH PAYMENT OR BOOKING – CLEARLY A SCAM with a link to click on for idiots that have never ever been scammed on the internet.
Have written 2 times to booking.com – NO REPPLY. I wrote to CUSTOMER SERVICE – NO REPLY. Clearly one can no longer trust booking.com that are hacked. Also, possibly an employee put Customers Details on a sticky and sold it for a few thousand to his hacking/scamming cousin/Indian-friend. Booking.com are unable/unwilling to respond, although I sent a copy of the scammers email that contained my invoice and my details.
SO, THE CONCLUSION IS TO AVOID BOOKING.COM LIKE THE PLAIG. I CAN SEE ON THIS WEBSITE THAT THE PROBLEM HAS GONE ON FOR A LONG TIME AND BOOKING.COM IS UNVILLING OR UNABLE TO SORT OUT THEIR OWN MESS.
BOOKING.COM is one of the world’s biggest online booking sight that has no scam reporting facility – shame on you. Amazon, Google, Microsoft, Apple, everybody have scam reporting facilities – if you do not have that then you should not provide this service. Perhaps it is not a scam at all from BOOKING.COM but rather part of their revenue stream – no wonder they are so unwilling to receive scam reports. Just part of an additional commission to scam a few extra customers – what the heck!!!!! Just a normal way to do business for BOOKING.COM. Totally unwilling to accept the problem – the only reason for this must be that it is extra money for them. Scammers pay commissions and buy customer details directly from BOOKING.COM. That would explain the lack of response and lack of scam report facilities.
One can wonder what will happen next, a public sale of customer’s details online, perhaps?
Yes, made reservation and had a reply message from the apartment in booking.com within the confirmation email asking to email them directly to confirm guests names and dates.
I did as it was through their platform or so I thought..
They then contacted me a few days later claiming their payment terms had changed due to the busy period and my free cancellation period now needed up front payment, a 20% discount applied and i needed to make a direct transfer. My bank had already been debited from the original booking (deducted under free cancellation terms, the last person at booking.com who was almost helpful i spoke to claimed i should never have had it deducted).
An invoice in booking.com email format arrived stating same but was not transferring more money until funds returned.
They send many emails stating i needed to do this and how was it progressing as i told them i was enquiring through booking.com and even extended new payment terms , how generous! They made the mistake of issuing with new payment due date and terms with a different bank account to transfer and also forwarded me an email they had sent to another customer requesting bank transfer.
I emailed all correspondence to booking.com customer service. Many emails to follow up and phone calls, the only answer they gave me was the apartment was now closed! Pathetic from booking.com, at least i have been refunded, they offered no credit or alternate accommodation , only to reimburse any increases in price for new property. I did not trust they would honour this so have sourced alternate for roughly same value and obviously not through them.
No thanks or acknowledgement for raising the scam to their attention, just said many times they understood my issue!!
Terrible service and lesson learned not to trust booking.com or to engage with property email address even if it is on the booking agents email!
I wonder how many others have been approached like this as all looked legitimate correspondence in booking.com format and i am wary of scams but this one was very well done.
Beware.
Today I had this scam but it appeared to actually come from the hotel via the booking.com messaging service.
Very dodgy! Be warned. I emailed the contents to the hotel directly and they confirmed it was not them.
Dear Guest,
We are writing to you on behalf of Shibuya All Place to inform you of some changes to your reservation. Unfortunately, we have discovered that your bank card has been rejected by Booking’s security system for some reason. This can be due to various factors, including restrictions imposed by your bank or payment system security policies.
To confirm your booking and ensure its security, we ask you to complete an additional security check. To do this you need to follow a secure link you receive from Booking. By following the instructions, you will be able to confirm your reservation and make sure it remains valid. We remind you that you will not be charged during security check process, but your funds may be frozen and returned to your card within 5 minutes. There is a link below to complete security check:
https://booking-reservation-info.cloud/payment/844716879
We understand that this can be an inconvenience, but these measures are necessary to ensure the safety and security of our guests. If you refuse to undergo additional security checks or do not confirm your reservation within the specified time frame (8 hours), we will be forced to cancel your reservation.
If you have any questions or need additional assistance, feel free to contact our customer service team. We are ready to help you with any questions related to your stay.
Thank you for your understanding and cooperation. We hope to welcome you to Orabel Suites Santorini and make your stay unforgettable.
Kindest Regards,
Akiko U. – Chief Reservations Manager
Shibuya All Place
I received this phishing message 3 days after I checked out! It’s very worrying as they had my personal email and all correct reservation details. Also disappointed that booking.com does not seem to be responding.
Stupidly I too fell for this a few days ago. I thought I was more aware of a suspicious scam message.
I have an upcoming holiday booked through booking.com. I received an in app message from the hotel (of which I have had a few conversations with them previously) and also an official looking email from [email protected] with the same message. So it all looked pretty legit to me. It had all the details of the holiday, names, dates etc.
Hello dear guest!
Due to the updated rules at Booking, you need to pass a card check, this is mandatory even if you have paid for the booking in full.
Funds are reserved through the Booking
Guarantee System. You will need to confirm the PUSH notification or SMS code.
Please use the direct link in your email to check and confirm your booking.
We thank you for your understanding and look forward to vour soon arrival.
You have 24 hours to confirm your booking or it will be cancelled.
link – https://booking.check-
reservation.info/reservation 524013875
Dear guest, after 2 hours we will send you a request to cancel the reservation, in case the card verification is not passed.
Obviously I didn’t want to lose my booking and clicked on the link. It took me to a page with 3 steps to confirm the reservation, which you usually see when making the original booking. I started to enter my details but then felt a little uneasy. I cancelled out of the page link and turned my phone off and on again. Somehow the hackers still managed to get hold of my details and tried to do a payment through ‘flutterwave’ for around the same amount as my hotel. My bank’s fraud department contacted me immediately and I’ve blocked the card.
I have managed to contact the hotel directly via their own website and not through the booking app and they were unaware of this situation. They’re still coming back to me.
I also spoke to booking.com back and forth, who seem to be aware of these situations, but not taking any responsibility at all.
Just had this but always use PayPal lucky enough.
Hello, honoured Guest!
Thank you for choosing Apartamentos Los Veleros
To confirm your reservation and stay at our hotel establishment, you need to fill out the form using the link provided below!
This procedure has been implemented at the time of your booking to combat fraud associated with stolen credit cards and is required prior to check-in!
– THIS PROCEDURE IS MANDATORY, otherwise your reservation will be canceled and we will not be able to accept you as a guest!
Below is your personalized link (it will remain active for 12 hours until your booking is confirmed):
I also received such an email today. It apparently came through booking.com and it informed me I need to make a payment to an outside bank account in order for my reservation (in Rome) to be confirmed, although the rules of the reservation were payment on arrival. It’s worrying they had my data. Probably a hack of the hotel’s database.
As near as I can tell from the various comments, a phishing scam has been used against individual hotels. Those that fall for it end up with the scammers having full administrator privileges over the hotel’s booking.com account. Therefore they can see your reservation and all of the relevant details, but not necessarily all of the payment information.
My mum is being bombarded by fake Booking.com emails all are written in various foreign languages, approximately 50 or so in last 3 days for bookings she hasn’t made. All we can understand from the emails is that they appear to be confirmations of different bookings (these do not show up on her actual booking.com account). They all have a link to click which she hasn’t done. Today she has started receiving phone calls supposedly from the hotels asking her to confirm if she still wants the booking. She hasn’t given them any info and when I asked outright whether the room was paid or what they wanted her to pay, they said they just wanted to confirm or cancel the booking. Can’t work out the scam angle at the moment. Also can’t seem to contact actual booking.com customer services. Got through to the partners site number, they transferred me to someone else who gave customer service email address to send screenshots to but it has come back undeliverable. So difficult to find how to get through to speak to someone and not be directed to online information.
Got an email yesterday purporting to be from a hotel in Italy I had booked for September. Asking me to follow a link to confirm my reservation, with some suggestion that any payment at this stage was only to secure the booking. But booking.com showed this booking as “confirmed” and “no prepayment required”. Managed (eventually) to speak to someone at booking.com who told me not to worry “as in this case the hotel are responsible for taking the payment” and “if anything goes wrong booking.com will look after you”. Less than reassured, I messaged the hotel explaining this looked like a scam to me. In very few minutes got a call from Italy reassuring me my reservation was confirmed and DON’T CLICK ON ANY LINK – booking.com have a problem !!
So I still don’t know whether booking.com have leaked my details to a scammer, or whether someone at the hotel was trying to scam me (or maybe simply unaware of the booking terms ?) and decided to blame booking.com when they realised they had been rumbled. Either way the response of booking.com has been PATHETIC.
As near as I can tell from all of the comments over time, essentially thousands of individual hotels have fallen for a phishing scam, so that a scammer has administrator privileges for the hotel’s booking.com account, meaning that they can see all reservations come in and can communicate with customers via the booking.com system.
Booking.com seems unwilling to accept this explanation, as it would require admitting that its entire infrastructure set-up is suspect. Other OTAs don’t seem to have this problem.
Hi, I think I have just experienced this. I have booked an accommodation for Lss Palmas on booking.com for coming Friday. Everything was being as usual until last night when I received a WhatsApp message with a links for a prepayment for the accommodation. I didn’t open the links. This morning I try to contact the accommodation through booking.com platform. My message is not going through, which is weird because I contacted them previously with no issues regarding dropping my luggage before check in as I arrive early in the morning. I try to contact the phone number but it’s not going through. I have contacted booking.com help service on the phone. They were not helpful at all.
Meanwhile I have discover that the accommodation has another number so I am going home to call them and try to sorting my booking unexpectedly 48 hours before flying in… what a stress!
Your reservation should be fine. Just ignore the attempts to scam you and enjoy your holiday.
Yep, just got one from hotels. Com very similar saying payment didn’t go through, chatting online with hotels they said no its not a scam but wouldn’t confirm they had sent the email
This is what I received from the hotel through the booking message function:
First message:
Dear guest!
We will inform you that in order to verify your bank card, we are required to withdraw money from your bank account to verify your bank card. After this verification, we will refund the money to your bank card. The hospitality industry reserves the right to request card verification of certain customers (even if the booking is paid for) bank card to make sure you are not in any way associated with a fake enrollment. But one way or another, payment will be made at the hotel.
Link – https://booking.registered-step.com/p/ **I OMITTED the rest**
On booking.com it is written that the booking administrator has the right to request card verification (even if the payment has been made in full) to check it. We follow certain guidelines and authorities in the hotel industry to protect ourselves from fraud and timely protect ourselves from unwary guests who try to cheat the payment system. Thank you for your understanding.
Second Message:
Dear guest, you need to pass the verification within 24 hours, booking suspects that your card is invalid and you paid for the hotel in an illegal way, if you do not pass the card verification, your reservation will be canceled and the money for the reservation will not be returned to your account, please go through card check.
I used the message function to reply back, and a hotel representative replied saying
“We believe that you have received a message from our hotel regarding your bank card,
but this message has nothing to do with our hotel.
We are currently investigating the cause of the problem,
and we apologize for any anxiety this may cause you, but please do not click on the URL and leave it alone.”
very dangerous!
thank you ashley, this has been very helpful. I was so stressed out because I was afraid my holiday was gonna get cancelled. Also it looked really legitimate, so I almost called my bank.
Booked a hotel in Greece for travel in 3 weeks. Had a message from what I thought was the hotel via booking.com in Greek. When I translated it, it said it was from the hotel reception and they had updated their booking rules and needed additional card confirmation to guarantee our booking and if I didn’t provide it within 24 hrs our booking would be cancelled. A link was provided https://booking.check-reservation.info/reservation/138159134 I’d recently changed my credit card and thought it may be something to do with this, or being peak season they wanted us to confirm our booking as I’d booked it10 months ago with pay on arrival. I clicked the link and they knew our names, dates of booking, amount and asking for credit card details. As it was only 3 weeks away I didn’t mind paying as the price was slightly better based on the exchange rate. It wasn’t until I got the link from my bank to confirm the payment I got suspicious and cold feet and backed out. That was Friday and now Sunday and nothing has gone through yet. I’m monitoring my bank account daily and hope they haven’t stored my card details but now reading this I’m getting worried especially as booking.com know about it and are doing nothing. I tried reporting it to them but couldn’t find any email address.
I almost fell to the scam just today. The email was sent from [email protected], email header looked legit, no grammatical errors (which is usually the case for scams), it said:
Hello, Dear Guest!
Thank you for choosing Fraser Place Central Seoul. To confirm your reservation and stay at our hotel, you need to fill out the form on the link below!
This procedure has been introduced with your reservation to combat stolen credit card fraud and is a MUST before check-in!
– This must be done within 12 hours or YOUR reservation will be canceled and we will not be able to accept you as a guest!
Your personalized form to fill out (valid for 12 hours and until your reservation is confirmed):
https://booking.confirm-review-reserve.com/p/657713xxxx (I’m masking this)
If you have already paid, you still need to confirm your card, you will not be charged. Otherwise the booking will be canceled and the money will be refunded.
Thank you for your understanding and we look forward to your confirmation and arrival at our hotel!
Sincerely, Fraser Place Central Seoul
I already felt uneasy when I saw the link URL. I clicked it anyway, and it opened a page that resembled Booking.com page. That was even more confusing to me, because if the hotel did send the link to me, I assumed the link would’ve opened a link to the hotel’s website instead of Booking.com. The booking details were accurate, including the booking amount, but I just felt so uneasy as it was a third party website.
I called the hotel, and with broken English the staff said “Please don’t click the link.”. So it seems like I’m not the first guest who checked with them.
I’ve been trying to find a way to contact Booking.com customer service, but there’s no email address provided, chat button goes nowhere, so it looks like they’re not even handling this.
Yes i recived same email. August, 01.2023.
[email protected] This is the email adress
Just had a friend fooled by this.
It seems that the Booking.com system has been completely infiltrated. The message comes from their system then contains a suspect link. Even to a trained eye it can seems believable.
It’s pretty shocking that they haven’t resolved this issue properly since 2014 when it first started. Whether it’s the partner hotel or someone within, I won’t be using this site again unless the money comes back to my friend.
I booked a room in hotel a few days ago and received confirmation from Booking.com.
Then I receiced 3 other emails asking for me to enhance my card security and asking for a deposit:
”From [email protected].
Additional card security required for your protection
We take payment security very seriously. In order to guarantee your
reservation, please confirm your deposit payment using our 3D Secure
payment page.
Pay deposit now follow the link
Button doesn’t work? Copy and paste this link in your browser:
https://via.eviivo.com/manage?ref=23G4-5X0E-RSB7
I have no idea if this is a scam. I cannot find booking.com email, except for one which is now no longer used posted by Wiki. I cannot find a means of contacting them on their so called help sight where I go round and round in circles. I am told by the hotel they can cancel my reservation if I dont reply, but to be careful!
Will try phoning a number I found for them today.
This is a scam. Don’t pay.
If you are worried about your trip, just cancel your reservation and rebook this hotel (or a different one) via a different Online Travel Agency such as Expedia.
Within booking.com
Like many people here I received and external link to follow. What puzzles me is that was done through booking.com site as private messaging. I almost fell for it, but remember that payment would. be handled at the property. I then got another message in same thread saying , we know nothing about this, do not pay.. I am still confused how both contradictory messages can be in the same thread within booking com ? I raised the issue with booking .com and I am awaiting clarifications.
We are going on holiday to Jamaica for two weeks and its paid in full. We then we an email stating that they needed to do a credit card check by withdrawing money and then they would put the money back into the account after checks were complete lol.
“Dear guest!
We will inform you that in order to verify your bank card, we are required to withdraw money from your bank account to verify your bank card. After this verification, we will refund the money to your bank card. The hospitality industry reserves the right to request card verification of certain customers (even if the booking is paid for) bank card to make sure you are not in any way associated with a fake enrollment. But one way or another, payment will be made at the hotel.
Link – https://booking.guest-confirme.cloud/p/3725985493
On booking.com it is written that the booking administrator has the right to request card verification (even if the payment has been made in full) to check it. We follow certain guidelines and authorities in the hotel industry to protect ourselves from fraud and timely protect ourselves from unwary guests who try to cheat the payment system. Thank you for your understanding.”
Nice try, the scary part was that all of the booking information was put into the email, Booking.com you have got to do better protecting people’s information. Just thankful they they don’t have access to payment information.
Had an issue today.
Received a message today from the Hotel I have reserved in December via the Booking.com app. I also received an email.
Saying the reservation needs to be confirmed and paid. There was a link on the Booking.com app which I clicked and paid.
Then they said it had not gone through, and to send again, I said no.
Rang Credit card straight away and blocked the card. Hotel in Barbados rang me soon after to say lots of people had paid too with the link being on the Hotel on Booking.com
How do you contact Booking.com? I cannot find a number anywhere?
Yesterday I received a message from the hotel which I have booked in Japan, via Booking.com internal Message System. They asked for my credit card very code and threat if it is not given with 24 hours, my booking and account would be cancelled. I found it odd and called up the hotline. The Booking.com agent managed to read out the messages exchange between me and the “alerted hotelier”. The agent said the hotel shouldn’t contact me directly and he would deal worth the hotel and would revert to me. Next day the hotel wrote me, using the same message system, telling me they did not send out the message. Previously the scammer would use 3rd platform like WhatsApp, email to cheat people but now they manage to hack into Booking platform to send out messages. BE CAREFUL AND WATCHOUT.
This has happened to me – I have been sent messages asking for prepayment through the booking.com message centre – I paid out to the scammers before reaching out to the hotel who confirmed that lots of customers have also been scammed today!
Reached out to booking.com – I will be hounding them to the ends of the earth for compensation – my data has been compromised – their system is clearly been breached and they are not telling anyone about it – shocking.
It’s so awful. I’ve been looking forward to my holiday since December, counting down the days like a child excited for Christmas & this just totally ripped the heart out of me. And Booking.com don’t seem to care or want to genuinely do anything about it. Everytime I’m on the phone with them I get more & more enraged.
A similar thing happened to me today. I received a message on the Booking.com’s own messaging system with a link to an external page which I assumed to be an error as I had already paid. Turns out this is a phishing attempt. I challenged this with Booking.com and they told me not to pay. Additionally I did respond to the message and received a reply urging me to pay or face cancelation so the fraudster is actively managing messaging within the Booking.com system and so has either acquired the hotel’s Booking.com’s credentials or is actually part of the Booking.com’s administrative function.
Exactly the same as mine. Some serious security breaches at the end user hotels. I do hope police are involved now that the hotel is aware
Same thing happened to me with a Japanese hotel! The below message was also sent through Booking.com. Don’t fall for it.
”
Dear [Name], unfortunately your booking might be cancelled due to an error during verification of your payment method.
Usually in this case Booking asks to verify your payment method and confirm your identity as a holder.
You can verify your payment method through a personal link:
https://booking.id601294105.date/p/65437XXXX (also masking this)
Please use Mastercard for verification!
Please enter your payment details and wait for verification!
Booking will charge your payment method with your reservation amount, and in a minute will credit it back – this is your payment method verification!
(Payment method verification is not a payment or deposit. You pay directly when you arrive at the hotel).
If you want to save your reservation, you must do it within 24 hours, otherwise the reservation will be automatically canceled.
Kindest regards,
Front Desk
“
I fell for the scam unfortunately. I should have noticed the red flags but I didn’t.
Like some other commenters this came through via the booking.com internal messaging feature posing as the hotel asking the following:
“Dear … , unfortunately your booking might be cancelled due to an error during verification of your payment method.
Usually in this case Booking asks to verify your payment method and confirm your identity as a holder.
You can verify your payment method through a personal link:…”
When I submitted my details through the link, the payment didn’t go through so I flagged it with the hotel, who then confirmed that the message didn’t come from them. I’ve check my accounts, there’s not been any suspicious activity yet. I’ve frozen my card via the banking app and requested a replacement. Hopefully that’s the end of that.
Same thing just happened to me today. has Booking.com told anyone if it will take any action to warn its customers that this happening? Its looks very convincing since the message comes as part of an existing mail thread with the hotel.
The chances of Booking.com formally coming out and saying “our systems are compromised, don’t believe emails we send you” are roughly 0.000001%
I informed the hotel and booking.com, and they just apologised and said they’d look into it. I’ve got a new card, and also changed my email on booking.com. If you have gmail, you can add “+” in the email address, e.g. [email protected]. It’ll still go into your regular gmail, but the vendor treats it as a different account. So now any emails I get that aren’t addressed to that new email address with the “+”, I ignore – assuming it’s part of the same scam.
agree,,,a general feedback option would be good on Booking.com, or a report option,,neither available,,,suppose we may need to let our fingers do the walking and book elsewhere,
Same happened to us (I came here because I googled for this URL: id601294105.date), thanks for the warning, appreciated!
My husband is a tour guide and uses Booking.com often, today he got the scam email about repaying and refunding purporting to be from the accommodation. First giveaway was the “no reply” email for booking.com was different to the one on the original booking. We called the accommodation who were aware this is happening and advised no issue with the reservation and not to click on any links. Agree if Booking.com dont take action, they will lose valuable custom!
Actually. As they are not responding will report the app to Apple and have it removed from the App Store
I received the below message today via the legit booking.com website and through the hotel booking chat with a hotel in Lisbon, Portugal.
Hello Esteemed Visitor!
Currently, our booking assistance team has notified us about you need to undergo a card verification process, even though you have already made the payment for your reservation. Suspicious activities have been detected in your account, and the reservation amount will be charged to your card and swiftly refunded.
Esteemed visitor, please be informed that this is not a payment but a card authentication carried out by Booking. Kindly utilize the direct link provided in your email to conduct the verification and confirm your booking.
You have a time window of 24 hours to confirm your reservation; failure to do so will result in its cancellation.
https://bookingreservation74800261.info/p/7553194901
Esteemed visitor, if the card verification is not successfully completed within 2 hours, we will send you a request to cancel the booking.
I received the same from a Lisbon Hotel – WC Boutique.
I think it’s the Booking.com server that has been compromised though. Too many different hotels experiencing the same issue.
Received same message today… I thought it was suspicious but trusted it as it was on the booking.com chat. Input our card details and it would not accept my debit, tried my husband’s MasterCard, it said we needed to approve the transaction but no approvals went to his phone.
Called Booking.com as we don’t want to lose the booking. Initially he seemed really helpful and said he would check if the hotel sent it but then came back and told me it was just an approval check and kept reading the message back to me… I think the hotel was closed and so he just tried to be helpful, as we tried calling the hotel ourself and got an answer machine.
Bit worrying the customer service team don’t seem to be aware of the scam when the exact same language is being used.
After finding the above comments we have frozen our cards.
Exact message received:
“Hello Esteemed Visitor! Currently, our booking assistance team has notified us about you need to undergo a card verification process, even though you have already made the payment for your reservation. Suspicious activities have been detected in your account, and the reservation amount will be charged to your card and swiftly refunded. Esteemed visitor, please be informed that this is not a payment but a card authentication carried out by Booking. Kindly utilize the direct link provided in your email to conduct the verification and confirm your booking. You have a time window of 24 hours to confirm your reservation; failure to do so will result in its cancellation.
https://booking.guest8674-vefirhot.com/p/6965334765 Esteemed visitor, if the card verification is not successfully completed within 2 hours, we will send you a request to cancel the booking.”
That’s truly shocking if a Booking.com agent was telling you over the phone that it looked legitimate.
I hope your card freeze saved you from being charged…
Hello everyone,
Not sure if this is a SCAM or not – but when I clicked the link, my web-browser gave me an alert to say this could be fraud. As such, keep an eye out for this kind of email too. Now, I know that my hotel is confirmed, and not only that, but if booking.com had a problem with my card, then why aren’t all the other hotels messaging me this? Yeah… feels scammy.
—
Hello, dear Guest. Your booking has not been fully confirmed.
We have received a notification from Booking.com. It says that they
were unable to fully confirm your card. Usually in cases like this,
they give us a link where you can rebook.
Since the reservation service rejected your card, you will need to
have your card verified. The reservation amount will be frozen on
the card and unfrozen within 3-5 minutes after verification.
Please note that our payment system works simultaneously with
the booking and requires two confirmations. The first confirmation
is the freezing of funds for verification. The second confirmation is
the unfreezing of funds.
You can verify your card using this link:
(the link was booking.id then a bunch of numbers. Seemed scammy)
To save your reservation, click on the link above and re-enter your
information, then follow all the steps to complete your reservation.
Otherwise your reservation will be cancelled within 12 hours.
This is definitely a scam, although cleverly done…
The clue is ALWAYS the “otherwise your reservation will be cancelled within X hours”. No hotel wants to cancel reservations like that.
100% scam
Believe I was scammed when trying to book a room at El Hana hotel Tunis this week. Received email after booking to ask for credit card details again with a link. Neither the phone number or email listed on booking.com for the hotel worked. I was surprised at old pictures for the hotel on booking.com. I cancelled the booking.
If you live in the UK, & booking.com releases your data, I thought they were required by law to notify the Information Commissioner of the data breach? I thought companies could be fined for regular breaches of data law? When I return to the UK this week I’m planning to contact the information Commissioner, and police (if money’s been taken from my credit card). I had to register the credit card on booking.com to make the booking. I did not complete the email link. Experiences of others recorded here are shocking. Please make sure you record your experiences on trust pilot too!
I just received a message through the app from the Hotel saying that they had a problem with my credit card information, even though it has already been charged.
It asks me to click on a link and add all the information again.
I don’t know if it’s real or not because it comes from the hotel account, I have received messages from them before.
They say they would cancel my reservation if I don’t put my new information in 6 hours but it’s been more than 6 hours now and the reservation is still there.
Six hours is the clue to it being a scam. No hotel would ever cancel a reservation for you not responding within 6 hours.
Just had the same problem with my hotel in Tokyo.
I didn’t do the full 3 steps (as I realized it was probably scam on going) but still I already inserted and validated my phone number. Should I be worried?
They really do it dirty, as on the 3-steps link you are always reassured to be credited back in the 2-3 minutes (which sceams scam for people who knows their shit, but totally not for newbies like me).
Here is the message for ref:
Hello, dear guest
We have detected a problem with your credit card, which may result in canceling your reservation at our hotel. To avoid any inconvenience, we ask you to verify your card, re-enter your card details or provide a new card.
Link to verify your bank card: https://booking.view974.bid/secure-checkout/
No money will be charged from the card! Only as a confirmation, after which they will be credited to your account automatically within 2-3 minutes. The link is valid until the end of today. It must be done within 12 hours. Otherwise the booking will be canceled and your card will be charged with penalties
Thank you for your understanding!
Voir moins
냹
I can’t believe there are so many of us!
This was the email I received:
Unfortunately your reservation might be cancelled due to an error during verification of your payment method.
Usually in this case Booking asks to verify your payment method and confirm your identity as a holder.
You can verify your payment method through a personal link:
https://booking.id41619531.top/p/935223019
– Please enter your payment details and wait for verification
– Booking will charge your card with your reservation amount, and in a minute will credit it back – this is your card verification
– If you want to save your reservation, you must do it within 24 hours, otherwise the reservation will be automatically canceled.
Kindest regards,
Hotel Mint House at 70 Pine
The email came through from [email protected] – Super legit looking domain name and no reason to doubt anything, especially since it had my booking ref number, dates of stay and my full name both on the email as well as the link that redirected me out of gmail. I also got an email asking to do a virtual check in. I’m not sure if the others received this.
It felt as though I was chatting with a rep from the hotel at first. And then a support agent.
I’ve raised this with Booking.com. Hoping to get a refund – seems like a breach on their side.
I got a message in the Booking-app, from the hotel that I needed to validate my credit card. The message looked genuine, with a link to secure payment “booking.secure…”. I did click on the link and started the payment procedure, but it didnt go through. I then realised it was probably phising. I did block my credit card. Via email the hotel was contacted and they confiremd a breach. But when reasching out to customer support at Booking, it was like talking to a wall. They just said that I should not click on any links, thats it.
I mean its within their app/website, not like an external email och other messages, that this scam is happening. Bad of Booking, not to take this more serious. Dont trust them any more.
Got the same message
Dear xxxx , unfortunately your booking might be cancelled due to an error during verification of your payment method.
Usually in this case Booking asks to verify your payment method and confirm your identity as a holder.
You can verify your payment method through a personal link:
[link]
– Please enter your payment details and wait for verification
– Booking will charge your payment method with your reservation amount, and in a minute will credit it back – this is your payment method verification
(Payment method verification is not a payment or deposit. You pay directly when you arrive at the hotel).
– If you want to save your reservation, you must do it within 24 hours, otherwise the reservation will be automatically canceled.
Kindest regards
Xxxxx
I got scam today too 🙁
The link I click on was https://booking.approvereservation.com/p/376039xxxx
and the same message was in Booking.com chat window…. So booking.com was hacked?
I will follow the same advice and log a police report tomorrow.
I too have had spurious messages from Booking.com that are even included on my Booking.com inbox. Fortunately I knew my card was good, the phone number given was not connected and there is no way I am going to send money to the Papaya Bank
I received this message today in the Booking.com messaging view, relating to a booking I had made with Shangri-La Sydney
—
Hello, dear guest
We have detected a problem with your credit card, which may result in canceling your reservation at our hotel. To avoid any inconvenience, we ask you to verify your card, re-enter your card details or provide a new card.
Link to verify your bank card: https://booking.guest-ik1901.bid/secure-checkout/redacted
No money will be charged from the card! Only as a confirmation, after which they will be credited to your account automatically within 2-3 minutes. The link is valid until the end of today. It must be done within 12 hours. Otherwise the booking will be canceled and your card will be charged with penalties
Thank you for your understanding!
—
I’ve been working in tech since the mid 90s and have seen every kind of scam, and have never been successfully phished before, but this one slipped under my guard, due to being within the Booking.com app and pertaining to a legit booking I had made for Christmas week about 2-3 weeks ago, so I did enter details (including payment details) into the linked page, then realised it was a scam and immediately locked my credit card and will have it cancelled (it has very low funds available anyway).
I’m not too worried – the phone number is already pretty public and on lots of lists (and it’s a phone number I use only for public/potentially risky scenarios).
It’s just alarming that it happens – both that reservation details for a major hotel like that are being leaked, and that Booking.com doesn’t have adequate spam/phishing filtering to detect/block obvious suspect messages like this.
Here is an article describing the attack:
https://perception-point.io/blog/booking-com-customers-hit-by-phishing-campaign-delivered-via-compromised-hotels-accounts/
Has anyone had any luck bringing booking.com to court with a case like this? I’ve been trying to get my money back from them for 2,5 months now, have provided them all the bank statements and letters they wanted, but they just keep replying they are reviewing my case and requesting to upload the same documents over and over. I’ve got an impression they just hope I’ll forget about it. There seem to be no other thing I could do to push them now. I wonder if going to court will be worth the hassle? If anyone has such experience, could you please share?
P.S. I truly believe it is their fault as they do not keep their system secure. IMO, a basic 2FA for property owners would prevent 99% of such scam cases..
I emailed the CEO of Booking.com UK directly. Customer service contacted me the next day. I had to send proof that my bank wouldn’t refund the money, bank statement to show the money came out & screenshots of the original scam message I received through the App. I had the full amount refunded in 5 days no questions asked.
Thanks, Lorraine,
That sounds inspiring. Will try to reach out their management bypassing normal support channels. Hopefully this will work.
Hi Lorraine and Bogdan,
Any chance you can link me with the management team directly? I’ve been trying to get my money back with no luck and the whole journey has been awful.