Several users of a well-known online accommodation booking platform have been warning others on social media about a new type of phishing scam circulating online.
According to information shared on social media, some users have received messages through the booking platform’s in-app chat function.
These messages claim errors in the users’ bookings and attempt to coax them into providing banking card details or clicking on suspicious links to transfer money.
UK victim exposes Booking.com scam, losing £200 in phishing incident
For instance, a victim in the UK recently shared her experience on TikTok, revealing that she was scammed out of about 200 GBP (approximately US$248) on Booking.com.
She received an email from the supposed “hotel” she had booked for her honeymoon.
The email contained a link that redirected her to the official Booking.com app. In the app’s chat function, a message warned her about a potential booking error that could lead to cancellation. The victim was then prompted to enter her payment details.
Trusting the message, the victim provided her credit card information, only to realize later that money had been fraudulently withdrawn from her account.
Malaysian victim loses tens of thousands in phishing scam across Booking.com and Agoda platforms
Recently, a Malaysian TikToker using the account name ‘Ziet_invests’ alerted his followers by sharing a distressing incident.
He disclosed that someone in his close circle became a victim of a scam, losing tens of thousands of ringgits through both Booking.com and Agoda platforms.
According to his account, online scammers have become increasingly sophisticated.
These fraudsters infiltrate the platforms and pose as hotel owners, messaging victims regarding their reservations.
The scammers then prompt victims to update their bank card details, claiming it’s necessary to maintain the validity of their booking within 24 hours.
This urgency leads many to hastily update their bank information.
Unbeknownst to the victims, as soon as they enter the SMS One-Time Password (OTP), the money from their credit cards vanishes, leaving them helpless with no means to recover the lost sum.
The TikToker complained that neither the customers nor the authorities in Malaysia seem to provide adequate assistance to these victims.
“Banks, don’t even think about it, because once you have keyed in the SMS OTP, you are deemed to have authorized the transaction.”
These FOMO inducing scams have been costing people 10s of thousands of dollars – share this with your friends and family! Stay safe and travel safe people❤️
Security concerns arise: TikTok user questions app vulnerabilities
In the comments section, a TikTok user raised a question about how the scammers managed to easily hack into the apps, suggesting that the platform should take responsibility for such a significant security breach.
Ziet expressed further criticism, noting that customers generally assume billion-dollar companies would possess top-notch cybersecurity measures, but this unfortunate incident demonstrates otherwise.
Other users in the comment section also shared their encounters with similar scams.
Some emphasized the crucial step of double-checking with the booked hotel to verify the authenticity of such messages.
Significantly, a Reddit discussion thread from two months ago had already alerted users about a similar scam.
In a parallel scenario, a user received a notification from Booking.com’s system, stating that they had detected an issue with the Redditor’s bank card and required verification to prevent any potential cancellations.
Other Redditors promptly advised the user that it was undoubtedly a scam, suggesting that the messaging system within Booking.com’s site had purportedly been hacked.
One Redditor expressed the belief that Booking.com had experienced a hack earlier in the year.
They highlighted similarities between the user’s experience and other phishing attempts that had occurred previously.
Additionally, a Reddit comment revealed numerous instances suggesting an organized process aimed at hacking hotel accounts on Booking.com.
This organized effort appears to involve sending phishing messages to clients through the platform’s official messaging system.
Singapore reports 30 victims in phishing scam on Booking.com, suffering losses of S$41,000
Notably, in a media release dated 8 October, the Singapore Police Force (SPF) highlighted a concerning resurgence in hotel-related phishing scams.
Since September 2023, at least 30 victims have been identified, collectively facing losses of at least S$41,000 (approximately US$30,365).
This issue isn’t new; earlier in February this year, SPF reported at least five scams related to room reservations on Booking.com, resulting in losses of at least S$8,800 within the initial two months of 2023.
Booking.com denied system hack
Singaporean media outlet TODAY reported Booking.com’s acknowledgment in October: a company representative said the company was aware of phishing email attacks targeting some of its accommodation partners.
“Although the security breach was not from Booking.com, we know that the accounts of some of our accommodation partners were affected.”
“It’s important to highlight that neither Booking.com’s backend systems nor infrastructure have been breached in any way.”
Booking.com issued a statement reassuring customers that the company never solicits credit card details through phone texts or emails.
They advised customers to verify payment policies accessible on the property listing page or contact their 24/7 customer service for immediate assistance if they receive suspicious payment messages.