Even the most alert person can sometimes be scammed on the internet. Although it’s easy to mock those supposed Nigerian princes wanting to share their wealth, one does tend to be a bit more believing when the email or phone messages contains real information that only a legitimate sender ought to have. One such scam appears to be taking advantage of the Online Travel Agency Booking.com.
According to the Spanish blog InfoViajera – and dozens of reader comments – Booking.com appears to have been hacked. After booking a hotel or apartment through the Online Travel Agency, the guest is being approached – often via Whatsapp message – informing them that their payment has been declined. As a result, the “property” is asking them to make payment outside of Booking.com.
Many readers would undoubtedly notice the red flag and delete the message immediately, except that it typically contains:
- The full name of the guest
- Their phone number
- The property being reserved
- The exact dates of the reservation
- The exact amount of the reservation
And if you are accustomed to having online credit card payments declined from time to time – especially in foreign countries off the beaten track – then you can easily fall into the trap.
Luckily, no InfoViajera readers appear to have fallen into the trap. One message mentioned a problem with “Mactercard” payment systems, an obvious scam, albeit one that you could easily miss.
What is Booking.com Doing About It?
When contacted by InfoViajera readers, Booking.com claims that all is fine. Disturbingly, however, the prevalence of this scam suggests that:
- Booking.com has been hacked – allowing somebody access to Booking.com reservation information
- Dozens of smaller Booking.com properties have employees operating (or falling for) a phishing scam
I can’t think of any other access point for somebody to obtain every relevant detail of your accomodation reservation…
If you are asked to make payment outside of the booking platform, it is surely a scam. Even so, some scams look more realistic than others…
Have you received a similar message after making a reservation? Let us know in the comments section…
I just got an Email from [email protected] today telling me: “During routine security monitoring, we discovered that your login credentials may have been compromised via another site unconnected to Booking.com” blah, blah, blah. So yeah, I guess they were hacked?
I have been victimized of a similar incident on Booking. com.
Can someone please help on this?
foo bar says
Yesterday I got a message notifying me I someone logged into my account from Ashburn, United States. Considering I have a 25 character random password, my assumption was that they have been hacked.
Have received messages via What’s App from Moldova and Kyrgyzstan stating they’re from Booking.com and asking me to verify details. Booking.com are not very responsive and also difficult to find ways to report this. I did contact the hotel directly to see if they knew of anything and to reassure them I am coming along.
I made a reservation via Booking.com on 12.01. Today I received a message on Whatsapp from someone calling me by my full name and claiming to be the administrator of the hotel where I made the reservation (full name of the hotel included in the message). The “admin” demanded some answers regarding the number and the name of the guests, the time of arrival, if I wanted transfer from the airport. What caught my attention was the UK prefix of their phone number because my reservation was in a totally different country. So I told the “admin” I would reply via Booking.com chat. Which I did. Then I received a message from the manager of the hotel on Booking.com chat who mentioned that there is a data leak at Booking,com and I should not click on any links received via email or Whatsapp.
Tracy Heppell says
I’ve had exactly the same thing today 1st March 2023 asking for synchronisation of payment. I refused and they told me I wouldn’t be able to stay at the hotel!! Great customer service and a huge red flag that this is a scam.
Hotel owner says
The article has a mustake.
It’s not booking.com who has been hacked. The hotel has fallen into a fishing scam.
The way they operate: the hackers making a reservation via booking.com and contacting the property through booking.com App asking the hotel representative to speake with them via email then they send a link to the hotel which allows the hackers to gain control of the computer of the representative of the hotel who pressed the linked.
Then the steal all username and password of the hotel which was saved on the computer.
I know this because I have a hotel, and I’m a victim of the same hackers.
Craig Sowerby says
Makes a lot of sense. I haven’t seen too many people with issues at major hotels – just small ones where a phishing scam is more likely to work. Thanks for sharing…
Received WhatsApp message imposing as hotel manager asking for prepayment. Very official looking message with all correct information I.e reservation number etc…and payment link was the same as Booking.com payment page. The payment actually went through as a wire transfer to Nigeria a few days later. Contacted the hotel and they said it happened before
I also got a message on booking.com saying I would be contacted by one of the property managers on WhatsApp to finalise a payment and asking for money. My experience in trying to report this and sort it out has been absolutely awful and booking.com have been useless, failing to even recognise there has been a clear data breach. It seems they are covering it up and if so legal action needs to be taken
I agree. Customer Support did not even try to help me. Afterwards I received another email asking me how satisfied I was with their support.
Same thing happened to me on the 23rd, I believed it as all my holiday information was on there. I paid and I’m gutted. The bank won’t refund me and Booking.com have not got back to me after I mentioned my details all being compromised. I don’t know what to do.
I’m so sorry to hear this. Repeat it to action fraud and get a crime reference number. Hopefully the more people that report it the more a case can be built against these guys and booking.com, who have clearly had a massive security breach and are doing absolutely nothing about it. Don’t stop bugging booking.com, it is relentless and so time consuming but don’t drop it as this is entirely their fault. I am currently in the process of trying to dispute mine too but they are being so awful.
I wonder if there is a news agency that would pick this up? Highlighting the amount of victims there has been and the complete lack of security and communication from booking.com.
IT Company in the Netherlands says
I highly doubt it. We are managing IT for hotel’s in the Netherlands, with tight security policies applied, multifactor authentication (phonecall) to the extranet implemented, and are using complex passwords.
Still, last week, we are hacked.
Dozens of guests are contacted by whatsapp. On the PCs we are using for booking.com’s extranet is no trace of malware nor any other breach found. The login-history of booking.com has no unknown logins listed.
Booking.com is pointing us to a local infection, but, since we use phone-auth to login, this simply can’t be the case.
An unknown login should be listed in booking.com’s login history, if the attacker did not use local pc’s to send these messages.
All this leads me to the assumption these messages must be sent from booking.com’s extranet itself.
My company in Lanzarote has had exactly the same experience. We use SMS authentication to access Booking.com, and around a dozen of our Booking.com guests were contacted the same way described by other users. I was beginning to think it had been a local security problem, in our PMS or in one of the connected tools, but reading your comment I’m now back to thinking that the problem might indeed lie on Booking.com.
It all started on January 26th and I yesterday I went to the police to report it. I guess if more people do the same hopefully they’ll get to them eventually. My guests have been contacted via WhatsApp by a UK number and a Lithuanian number (an also via Booking.com’s extranet).
Have you been in contact with booking.com? Have they said whether it was a cyber-security breach on their part or are they not saying anything yet?
IT Company in the Netherlands says
We did, where they repeatedly answer that this problem is not at their end.
(all replies start with that statement)
After that, a pre-formulated text with probably causes is pasted into each reply.
I can see that by the different font beeing used for this text.
They state as probably causes;
Approach #1: The attacker creates a fake Booking.com reservation, either from a fake guest account, a compromised legitimate guest account, or without any account but with a fake email address. They use this booking to contact the partner via ‘P2G’ Chat Platform and request for the hotel’s direct email address, or they give their “fake” email address, so that the hotel can contact them directly outside of the Booking platform.
Approach #2: The attacker directly contacts the partner via the partner’s email without a fake reservation.
During these communications, attackers send a ‘phishing link’ with the request to click on it. Some partners have clicked this link, downloading a malicious file which infected their device with malware. This malware enabled the attackers to gain access to the partners computer.
The attackers then primarily gain access to the guest’s phone details, upon which they send a WhatsApp message to the guest, asking them to provide their credit card details for (partial) payment to secure their reservation. Additionally, the attackers sometimes gain access to the partners Booking.com Extranet account and remove access to it from the partner. They do this by changing the email, phone number, and 2FA details. This allows them to further access customer personal data and credit card data.
#1 has not happened. Nobody has been contacted nor had contact with anyone regarding booking.com’s reservations.
#2 i cannot find any trace such occured.
I have. I reported it to my account manager and yesterday I got an email from their “Security Team” telling me that “After a complete review, we cannot currently confirm any unauthorised activity on your account.”, which doesn’t really tell me much.
So are you suggesting that this could be a cyber- security breach?
IT Company in the Netherlands says
Yes. And logical thinking directs to booking.com beeing somehow comprimised.
I have 25 years of IT security background, and these PC’s at our Hotels are not infected.
(unless proven otherwise)
Only booking.com reservations was affected. Other agencies like Expedia and guest with personal e-mail address were not affected. This means Booking.com was hacked.
Craig Sowerby says
Or that the hackers have found a vulnerability specific to Booking.com that makes their phishing efforts at the hotel level more successful…
We reinstalled windows, reinstalled virus scanner. Created a new account for booking.com, changed the email password. Our guest still get messages from the scammers. This means booking.com is hacked.
We reinstalled windows, reinstalled virus scanner. Created a new booking.com and and changed the password of our email account. But our guest still get messages from the scammers. This means booking.com is hacked.
I’ve had the same email after booking a very reputable hotel Sweden.
Cacey S says
I keep getting told that a bot based either in London or Bulgaria has signed into my account and to click the link here.
I have 2 factors authentication and a 25 char password. Booking.com have been useless when I contact them. I’m thinking of deleting my accounts to be honest.
Any advice please ?
Received a WhatsApp message asking for payment synchronization – for me to input my details again. This is a highly intelligent phishing scam – they had all my personal information (reservation number, booking dates, full name), and the payment link webpage’s UI looked almost identical to Booking.com. Furthermore, clicking to sign-in to my account from the scam page took me to what appears to be the real booking.com which had my details cached.
I am trained to identify phishing scams for my job, but unfortunately this will target many Booking.com customers who will fall victim.
Are you still able to report it to Action Fraud? The more people that report it the more likely a case can be brought against the scammers and booking.com in order to compensate the victims.
I contacted the CEO of Booking.com per Claire’s post and was immediately contacted by their Customers Service department. After a few exchange of emails with screenshot of the WhatsApp messages to confirm that I was indeed scammed and that my debit card issuer would not dispute the charge, Booking.com refunded the amount to me. It was done quite efficiently (within a week) and I am happy that it all came to a satisfactory conclusion.
I also have received e-mail coming from “Booking” telling me to confirm my card – with my full name and whatsapp message on my phone number from this number +44 7842 077739 plus name of the hotel where I have a booking and amount I have to pay for my reservation – so really A LOT of correct data (stolen from booking.com or the hotel – this I don’t know) PLUS when clicking the link it was a copy of booking.com website. PLUS the same message as from the e-mail, in the chat with the property on booking.com – this was the worst part.
Gloria Reid says
I received a similar message today on my Booking.com app – wanting me to input my card details again for a one night stay in a hotel next week in UK. Claimed if I did not do so within 24 hours, the hotel might cancel my booking. So I rang the hotel and they knew nothing about it. Then I rang the Customer Services number on the Booking.com App (rather stupidly!) to ask if they had been hacked. Man I spoke to was on a very bad line and would not tell me where he was ringing from. Kept insisting my bank card had been declined and they needed my cvc number to put my payment through. But the hotel told me that they had my card details and were expecting me to pay on arrival.
I discovered that the person I spoke to in “Customer Services” was ringing from Singapore. Am I paranoid, or is this dodgy?
Craig Sowerby says
It looks a bit dodgy to me. Do you remember if you booked a “pay at hotel” rate or a “pay Booking in advance” rate? If it was “pay at hotel”, you are being scammed.
I rec’d a WhatsApp today from someone purporting to be manager of a hotel in Montenegro that I reserved via Booking.com last December for this May asking for all my credit card details so I could pay all now via PayPal (tho I knew no payment was due until May and then it would be via booking.com) and when I balked and said I wouldn’t send them the Visa info they changed their tune and sent me my credit card number and expiration date (on WhatsApp!!!) and name saying they just needed the security code. I contacted Booking.com and the hotel via Booking.com and neither knows anything about the WhatsApp contact and both agreed it was totally wrong, so I guess I should cancel my credit card, though Visa says there have been no attempts at charges yet. All I can think is someone got my data from the hotel’s computer and was trying to use it, especially as no one else here mentions the scammer already having your credit card number!
Craig Sowerby says
Yikes. That is definitely worse than what others are mentioning. It does seem more likely than not that the issue is on the hotel’s end in this case.
I would cancel your card. Since the security codes are only 3 digits with Visa, it wouldn’t be terribly difficult to guess 999 times. (although your bank would probably cancel it anyhow after a few failed attempts)
Thanks Craig, I did cancel the Visa card and thankfully Visa hasn’t been charged oddly so far as I can tell, but to the others, I doubt Booking.com is going to do anything. I’ve heard nothing from them and it’s been several days, plus because they had the amount and name of the hotel and my credit card # and expiration date, I think it may have been a scammer/thief on the hotel’s end (they seem to be blaming Booking.com however as the hotel wrote me back “It is very strange,a few reservations in the last few days through Booking.com was also like spam or smth.with attach.which wore some virus. They must put better security.”)
Please eliminate my last name from my reply, thanks!
I also suspect them of getting hacked. Got a notification today that my saved credit card with booking was misused.
I have not given my credit card details to many websites, so booking is on my very short list. I exclude Google. Maybe Garmin is also on my list because yesterday they had an outage.
Craig Sowerby says
Ironically enough, one of my cards has inexplicably stopped working lately and I was starting to wonder why… But I just can’t recall whether I used it to guarantee a recent Booking.com booking. No attempted Whatsapp messages though…
I have been the victim of a crime and fraud and through no fault of my own was defrauded of 1836 Euros. On January 29th I made a booking via Booking.com for a hotel in Venice. When I received the booking confirmation from Booking.com I also received the following message:
Hello !!! Thank you for booking our apartments. Please contact my manager to complete registration and confirm your reservation. What’s App +37064718907 Alisa. We will send you all the necessary registration information. Please note that you will need to write and send What’s Ap…
29 Jan 2023 (Please see attachment for full message)
I sent this person a whattsap message as I thought it was needed to confirm the booking and because it came directly from the Hotel’s messaging system via Booking.com. This person did not respond to me until Feb1 2023. She said that there was an error with my booking and she sent me a link in order to confirm my payment. I clicked on the link and the payment did not go through. The link had the booking.com logo and a chat box bot was also open on the right of the page. I typed into the box that the transaction wasn’t going though and could they help me. The chat box said that I needed to refresh. I did this twice and then the chat box confirmed that the booking was confirmed.
At approximately 15:42 PM I received an email from the hotel via Booking.com stating that their website on booking.com had been hacked. I should contact my bank.
I contacted the bank immediately and they cancelled my card. I also had to cancel my hotel booking
I am extremely stressed and upset about this incident and it has left me feeling very vulnerable.
I do not see how any of this is my fault as Booking.com failed to protect the safety and security of its customers by allowing their website to be hacked. The Hotel has contacted me via Booking.com to state that they were hacked and I must follow up with the bank and legal authorities. They are also following up with the legal authorities in Italy. When I called the Hotel they told me that more than 1500 people have been scammed and my booking was cancelled. I am interested to take legal action and would like to know if anyone ele has been affected. I am so traumatised and psychologically damaged from this incident.
Hey! I am in the exact same position as you, the exact same thing happened to me. I am currently awaiting a response from booking.com about what they are going to do about the situation as I too would like to take legal action. I agree it is not our fault but rather the fault of booking.com to protect our details.
Have you got in contact with booking.com as well? They have been useless with me and said it can take up to 10 days so I am still waiting. Report it to action fraud and get a crime reference number as well! I completely empathise as I am in the exact same boat and am so beyond angry with booking.com and their useless customer service
I have contacted booking.com and they said that they have escalated the matter to their internal team. No mention of refund or what they will do. I believe they must refund us total amount we have been defrauded as well as issue us compensation for the money we lost on having to book other hotels and the mental stress this is causing. They have enabled our security and privacy to be breached and it is just appalling. I would be interested in taking legal action if this is not resolved in the right way. Is there any way that we may know who has been affected so that we can get together and take a plan of action?
I got the same message a week ago but the hotel blames booking.com and visa versa. They keep asking me for a merchants name and the amount I sent to the hotel!!! I keep saying I was scammed, the hotel didn’t get the money it was the scammers. Reading all the above comments makes me feel less foolish and alone but I really need my money back! I would definitely participate in a plan of action, media coverage maybe??
I have received an update today from Booking.com in which they will refund me the payment. Fingers crossed. I’ll hold my breath until it’s in my account. I emailed the CEO which I think helped. His email is: [email protected] I wish you all the best. Keep pestering them by phone and email.
That is such a relief they have refunded you! How long ago did you first raise this with booking.com? I am wondering how long it may be until they get back to me
I have been calling and emailing them twice a day since February 1 when the incident happened. I emailed the CEO and all top executives yesterday and got a call in the middle of the afternoon to say I would be refunded the total amount. I wish you all the best. Just keep pestering them.
That sounds encouraging for all of us too Clare, I have just emailed the CEO as you suggested but other emails are hard to find. I keep being asked for the Merchants name!!! There is no merchant it was a scammer. I feel like I am banging my head agains a brick wall. They know this has happened and would hate it to hit the news. Please let us all know if you get refunded.
I’m still waiting for the refund to be sent to my booking.com wallet. Then I must download it to my card. That seems to be how they refund. They said it takes up to 7 working days. Will let you all know
Same for me. A hotel sent me message via Booking app to transfer money as prepayment to some weird account, and to whatsapp a screenshot once transferred. I know it’s a scam bcos i stayed there many times and they have never done such a thing. And the replies by the “hotel” are very un-customer service. I know not to transfer. Hotels don’t do that. If legit prepayment they can just hold the amount in my credit card via booking.com
I emailed the hotel’s email address, and they replied they changed policy and it’s not a scam lol. So i guess even the hotel’s email was hacked.
So now i’m waiting for Booking.com’s customer service to reply me.
Same thing happened to me yesterday. I was spitting some pretty serious language on Reddit (on the South Africa sub)
Happened with WhatsApp message…UK number. The guy is even smiling on his profile. What an asshole!
Just had email from Spencer miss chief security officer. He knows about the situation. He said they are working on a backlog of incidents and I will get a response when it’s fully investigated. At least I have a decent reply and feels a little more promising. I recommend anyone struggling to get answers email him. He got back within 2 hrs of me emailing the CEO like Claire 🤞
Thank you for this article! The exact same thing happened to me and right now this seems to be the only place Online where you can follow the process. I believe the backlog must be massive so I can only wait for Booking.com to get back to me.
Craig Sowerby says
Yes… many thanks to those people sharing information about their cases and what they’ve done to get Booking.com involved. (and please be patient as I have to manually clear many comments from our spam blocker before they can be seen online – how ironic!)
My saved virtual card that I use only for booking has been compromised as well, which led me to this article. 2 payments from different shops in the US were attempted (one of them is labeled « g squared holdings » the other one is general) Hopefully the CVV was wrong and I could block the card after I received an alert. Booking is definitely hacked
They are still at it. I received an email yesterday asking for payment confirmation for a booking I have in May . This was followed up by a message on WhatsApp from ‘Maria’ from polish number +48 725 649 380 , which came back as a business account. Firstly, asking if I wanted parking at the venue, which I ignored. This was followed by another stating that I must respond or my booking would be cancelled. I replied asking why would it be cancelled, Maria replied that there was an issue with my payment card.
I rang the hotel direct who confirmed my booking and they told me it was a scam. I reported it to the real Booking.com , they were remotely interested.
I then received another email from fake ‘booking.com’ to my email address asking for payment confirmation, concerning this requested was followed up by a message within booking.com site.
The scammers seem to have access to Booking.com website. I have since changed my password.
I fear many people have fallen for this scam as it can seem genuine and real Booking.com are not doing enough to warn and protect their customers
We found one when looking to book in Amsterdam yesterday. After booking an apartment with booking.com we emailed a message about the property. Even though we had a confirmation email and pin we received a message saying our booking would not be confirmed until we completed registration of all our details with their manager via WhatsApp. Straight away I thought this might be a scam as we had been scammed by a fake property once in Melbourne.
I rang booking.com help and was told everything looked ok and it was safe. I still did not believe it.
We also noticed the dates for our booking still available on booking.com ….second alarm bell
Then I google searched the address and found that address was a hotel with a different name and photos….third alarm bell
We wrote back and said we won’t deal through what’s app and they cancelled our booking.
In the morning that property was no where to be seen on booking.com
Claire Day says
Went on to booking.com last night and received a quote for a holiday this summer. I input all my personal details including all relevant info including dob etc of travellers in party and address details. I got as far the payment option page then paused as wanted to confirm with husband before booking. This morning l I received a call , supposedly from booking.com, offering me a decent discount if I were to go ahead with my booking and pay over the phone. What’s more, the caller knew every detail about my holiday quote including flights, passenger ages, my contact details. I have flagged to booking.com today but not getting very far, without a booking reference, as I did not finalise the booking. Clearly very worrying as a great deal of my personal data was shared in irder to proceed through the booking to quote stage and choose flights etc.
Has there been any further communication from booking.com officially announcing this potential security breach? How is this treating customers fairly?!? I would never have gone near this website if I had know about a security breach!
Craig Sowerby says
Yours is the scariest case so far… Thanks for sharing.
I was just approached on whatsapp too
They had the precise info as noted above.. crazy.
I was sure they were valid cause who else would have specific booking info that was supposed to be protected.
Who do we complain to here?
hotel owner in colombia says
my property was hacked I want to make a complaint for impersonation, fraud, fraud against booking.com
I am the owner-legal representative of a hotel in barranquilla-colombia and I have been working with booking. com for 12 years a client made a reservation for the day February 16 with departure February 17 reservation number 3889168946 was identified as Robert Martini Swiss nationality and contact number +41442201515 a reservation for 4 people in a family room, this person through the booking extranet sends us a message in which he tells us that his name is Robert Martini and has 72 years that plans to visit us with his wife and are from Switzerland that please send us our hotel email to contact us,
The email we received arrives in the name of Robert Martini from the email address [email protected] and says that he and his wife are coming to celebrate their wedding anniversary, that he is an elderly person, he says he is 72 and his wife is 69 and that it is difficult for them to locate themselves in an unknown city and that they made a detailed map and need help to plan their route and get to the hotel with confidence, they attach a compressed file in zip format called myphotosmap.zip and leave the note that this file does not open on the phone because it is in a Windows folder and that I can only open it from the computer,
in view of this request taking into account the age of the person we agreed to open the file to see how we could help him because he was an elderly person, when we opened the file nothing happened so we wrote to the person that we could not open the file and told him that when he came we would help him with his request, this happened on February 1st at 11:30am, we verified that the file was deleted from the computer and nothing happened that day or the next one,
on february 3rd at 9:32am an email arrives from booking.com saying that a new administrator was added to our property and that the email address [email protected] now has administrator rights in the property and that they have full access to the booking.com extranet and the pulse application which is the mobile application from where you can also manage everything related to the hotel.
the following email we received at 9:33am where the booking platform told us that your user account has been removed and that we will no longer have access to the extranet for the hotel and that we are not on the list of users of this property.
Then a series of emails from google started to arrive warning us about a security breach and that we were victims of a hacking
hotel owner in colombia says
We acted immediately and closed the google session on all devices and changed the password, we get a series of messages from booking where they are changing the contact information of booking and our email is removed from the account at this time they take ownership of the property on the platform.
We immediately called the booking.com customer service line at +576014192623 and we were attended by the service agent juan millan and it is manifested in this call that lasted more than an hour that a booking.com customer through your booking contacted us and sent a malicious email with a file that hacked our computer and took access to the platform booking. com platform to impersonate us and steal customers by sending payment links to the cell phone numbers of customers who have reservations asking them to pay for their reservation and also steal their credit card information because people believe they are making the payment to a hotel, the booking customer service agent is told to immediately close the property to prevent more people from falling into this type of scam and is warned that all people who make reservations from the time of the hacking that was 10am are fraudulent because these criminals opened availability for the date of the carnivals of barranquilla which is in high demand and began to receive more and more reservations, the booking agent says he can not close the property of the page because he has no way to verify that I am the owner they have to make a call to the number that is registered at that time in the property which is the one that changed the hackers and they do not answer it only have it for whatsapp and from there they contact customers , I kept calling the booking page all day and night telling them that they were being complicit in a scam by not closing the property and allowing these criminals to continue capturing customers to steal from them and they ignored all the people who answered the calls in the customer service office.
The booking service agents that answered all had the same answer that they could not close the property due to their security protocol and that they raised the complaint to the fraud area to investigate and be able to close the property. I reported this case immediately and it is a failure of the booking platform not to have immediately closed the property and thus prevent more people from falling into the scam,
The alert was also sent via email to [email protected]
And it was also sent to the email [email protected]
I made a hotel reservation today through booking.com and a few hours later received a secure message through the booking.com message system telling me the system has been either in and all payment cards reset. It asked me to scan a QR code to reenter my payment info or else my reservation would be cancelled! I contacted the hotel via email and they confirmed this is indeed a false message.
My wife made a hotel reservation in Amsterdam and a couple days later received a WhatsApp message. As other victims have noted, this included all the details of our stay, reservation number, etc, and a request to provide credit card info as some sort of pre-registration check. My wife got suspicious and asked to get the request via booking.com, thinking this would prevent problems. Indeed she got a message through booking.com repeating the request.
Oddly enough, the message also said that booking.com has been hacked and not to provide payment info. Almost as if the hotel has added it to their message signature??
The payment website at booking.top (not .com) looked just like Booking’s site with all the relevant info of our stay.
My wife eventually called the hotel at the number on their website and was told if the booking.com hack and not to provide those payment details. She has blocked the WhatsApp.
But now, with many hotels on a trip all reserved through booking.com, we are expecting lots of problems while traveling, cancelled credit cards while out of town, etc.
Last week I got a fraudulent charge on a card that I used only twice since I got it in 2019. Used it on Spotify and Booking.com. I immediately suspected Booking.com because how sketchy they treat their customers (I stopped using them ever since). Then my wife got a fraud alert from her card issuer a couple days ago, she also used booking.com last month. So I think booking.com probably had a leak.
Anyone know the legitimacy of this message I got today:
We thank you for choosing our hotel Mercure for your next stay in Paris.
Since your reservation is a prepaid rate, we need to send you a link to proceed to the prepayment of your stay.
Could you please send us an email to [email protected] in order to send it to you ?
Thank you in advance,
Craig Sowerby says
If prepayment was required, the hotel would just charge the credit card used to make the booking. They would have zero need for you to email them for a payment link.
Interesting that this scam has affected a major hotel from Accor as well. Did you book directly or via Booking.com?