It has come to light that the travel booking website Booking.com has been targeted by phishing attacks across the globe. Recently, over 100 hotels in Japan were reported to have fallen victim to this fraudulent scheme. According to Japan Today, some hotels have received complaints from customers claiming they lost money after booking through Booking.com. The Japan Tourism Board has requested an investigation into the matter due to the frequency of reported incidents.
This issue is not limited to Japan, as CNN reports that a user in Porto, Portugal also encountered a similar scam. The user received an advertisement with positive feedback and attractive prices from Booking.com, which was later proved to be a scam.
The victim received a message a few days after booking, claiming that their card was invalid and that they needed to enter the card information again to resolve the issue. However, after providing their card details, the victim was unable to contact the other end and had fallen for the scam.
Cybersecurity researcher Piyokango conducted an in-depth study on the matter and discovered worrying data about these attacks. Since June 2023, 118 accommodation companies have been victims of fraud. Hackers sent emails to hotels to gain access to confidential Booking.com content, containing a malicious link that, when clicked, infects the computer. Once the hackers gained access to Booking.com’s system, they sent a payment request to the customer. Unsuspecting customers paid the amount requested but later received a notice that their stay had been canceled due to non-payment.
In August 2023, a hotel received an email complaining about an allergic reaction to a customer’s daughter staying there. An employee at the hotel clicked on the link, and the hacker gained access to sensitive data. The hotel employee stated that the hackers took advantage of the hotel’s eagerness to accommodate their customers’ requests to carry out the attack.
Although similar cases began in Europe in 2022, the problem has since spread to other continents. In December 2023, Booking.com announced that the company does not ask for payment details via chat or email, and customers should be cautious of any such requests.