Phishing scam catches Booking.com customers through official messaging system
Booking.com customers from around the world are reporting receiving phishing emails from the Dutch company’s official mail and messaging systems. After reserving accommodation through the website or app, affected customers receive an email from Booking.com’s official email address saying their reservation will be canceled if they don’t provide their bank details via a link in the email. Some people were asked to make another payment for verification, NOS reports.
Notifications of the phishing emails also appear on Booking.com’s official app. The company told NOS that its systems haven’t been hacked. According to Booking.com, the problem lies with the individual hotels’ systems.
That seems like a likely explanation, cybersecurity Heimdal told the broadcaster. Criminals hacked into the hotels’ systems and sent fraudulent emails. These ended up in the Booking.com app’s message box through the systems hotels use to communicate with customers who book through Booking.com.
Reports of phishing through the Booking.com systems have come from Great Britain, France, and Singapore, among others. In Singapore, the police reported dozens of victims.
Booking.com told the British newspaper The Observer that it was taking the matter seriously. “While neither Booking.com’s backend systems nor infrastructure have been breached in any way, we are acutely aware of the implications of such scams by malicious third parties to our business, our accommodation partners, and our customers,” the company said. Customers with concerns can contact Booking.com’s client services department.