Following reports in British media of people being tricked into a scam involving holiday accommodation platform Booking.com, users of the site in Belgium are also being affected.
Users of the popular hotel website Booking.com have been urged to be extra vigilant as for months people booking overnight stays have been falling victim to sophisticated fraud after a hack of Booking.com’s email system.
The British news organisations The Guardian and Sky News reported that many customers who had either checked in or were due to check in to a hotel or flat they had reserved using Booking.com had been scammed using an intricate fraud scenario.
Seemingly genuine
The deceptive emails are sent from the standard email address used by the platform –noreply@booking.com – and contain a message saying that the payment has not gone through. Recipients are informed that their stay may be cancelled unless customers provide bank card details via an embedded link. Notifications of the email have also appeared in the company’s app on mobile phones.
In all cases seen by British media, the email contained the correct information about the reservation that had been made, complete with all details about the stay, including the correct dates, making people believe it was genuine. Belgians have also already been affected by this phishing scheme, De Morgen reported.
An example of a fraudulent message sent in the app of Booking.com, asking for another payment. Credit: X
There have been many reports on social media platforms such as Reddit, especially since September. Many people from Spain have also spoken out about being the victim of this phishing scam.
Booking.com has denied its system has been hacked and has instead blamed the messages on breaches in the email systems of its partner hotels. Hackers are reportedly not attacking the booking site directly but are striking through the accommodation venues that advertise on the platform. As a result, the question of which party bears the greatest responsibility is divided.
Booking.com did several days ago publish information on its website about the phishing scam, including instructions on how its partners can better secure themselves.
Related News
- Telenet and Proximus block millions of suspicious text messages with new AI tech
- Belgian fraudster receives three years' imprisonment and €312,000 fine
It told partners that if it detects suspicious activity in extranet accounts, it will immediately disable the ability for this property to include links in any messages that they send to guests via the Booking.com platform. "This is to prevent cyber criminals from impersonating you and exploiting this messaging channel to send fraudulent payment links to guests, particularly in the event of a phishing attack on your property."
Customers in Belgium have been urged not to pay through a link in a message and to contact the hotel or Booking.com directly if they receive such a message. They should also always report suspicious messages at verdacht@safeonweb.be.
