You’ve booked the hotel and you’re starting to look forward to your break when you get a message telling you to make a payment, or give your credit card details, to secure your holiday. It’s come through the Booking.com app, or in an email that looks legitimate, so you get out your credit card in panic and pay.
As the summer holidays get into full swing many of us are primed to hear from travel providers – making it open season for scammers.
One of many holiday-related frauds preys on customers who have booked somewhere to stay via the platform Booking.com, either via its website or app.
In the UK,Action Fraud received 532 reportsof the scam between June 2023 and September 2024, with victims losing a total of £370,000.
It says that it is likely hackers are using phishing attacks against accommodation providers and then using the details to contact customers – sometimes via WhatsApp but often through the real Booking.com platform. This means the usual things to look out for – odd email addresses, or texts, may not apply.
Cases seen by Guardian Money have typically involved the theft of several hundred pounds.
The global nature of the platform means it can happen to you wherever in the world you live, or plan to holiday. Regulators in countries includingAustraliahave warned of the issue.
Booking.com said: “Unfortunately, there is an increasing number of online scams targeting many businesses operating in the e-commerce space. With the rise of AI, cybercriminals are able to create increasingly sophisticated scams.”
It said continually invested in cybersecurity technology, and incidents on the platform were rare.
The message may say that your payment details need to be verified, or that there has been a problem with your card. It will try to make you panic by telling you your accommodation will be cancelled if you don’t respond – it will probably give you a deadline to act by – usually a few hours away.
There will be a link in the message for you to click on to give your card details.
A separate scam also preying on would-be holidaymakers involves fake Booking.com web pages which are used to trick people into downloading a malicious file that gives criminals full control of your device.
The technology firm HP Wolf Security says scammers are emailing links to the pages and visitors are asked to accept cookies before they can see the full site – it is when they press “accept” that the file downloads.
A payment, or credit card details which the scammers say will just be used to pre-authorise or verify the card before your stay. They then charge it.
Try not to panic about your holiday and don’t respond until you’ve checked the message is genuine.
Booking.com advises: “Always double-check the property’s payment policies listed on the booking page or in your confirmation email. If there is no pre-payment policy or deposit requirement outlined, but you’re asked to pay in advance to secure your booking, it is likely a scam.”
If you are in doubt, contact Booking.com’s customer service team and/or the accommodation provider directly.
Be suspicious of any links you are sent. Genuine payments will be made on the Booking.com app or website – you won’t be sent to another site.
Look out for common fraud tactics and giveaways. “Scam messages often include urgent language and may contain spelling or grammar errors,” Booking.com says.
If you have put your card details into a site, call your card provider. You may need to block or cancel your card.
Booking.com also advises enabling two-factor authorisation on your account