Booking scam. Everyone can get involved. 18 attempts to register card details in a few minutes

Cybercriminals sent messages to customers of the Booking.com platform from official (compromised) hotel accounts in which the recipients of these messages had active reservations. The fraudsters claimed that due to an error, it was necessary to update the data or pay for the stay by bank transfer (to the account number indicated in the message). Now the scam is back in a slightly changed form.

A scam that is very easy to fall for. Are you renting an apartment or hotel? Be careful

The pattern is the same and initially it is difficult to recognize that we are dealing with an attempted fraud. Poles receive messages from official hotel accounts, which were often taken over as part of separate frauds. Criminals claim that there was a problem with collecting the payment for the accommodation from the payment card saved in the system and ask for a new card number so that the payment can be processed and the reservation maintained.

The messages are sent to potential victims directly in the chat of the Booking.com website or application and contain the name and surname of the booker and correct reservation details, including: the name of the hotel used by fraudsters. Moreover, as screenshots of messages received by our editorial colleague show, criminals carefully prepare the content of these messages and avoid mistakes.

At first glance, it is difficult to recognize that we are dealing with fraud here. Especially when we recently changed our payment card or modified online payment limits. Our interlocutor draws attention to the fact that she has often encountered quite strange practices from hotels in the past, which have now reduced her vigilance.

Attempted ‘Booking’ fraud photo: screenshots

At the first moment [wiadomość – red.] I was a bit surprised, but I checked and it was true – I had a card connected to Booking that had recently expired and I didn’t change its details to a new one when making the reservation. My vigilance was also reduced by the fact that I regularly book accommodation through Booking in Germany and they often ask for strange things in messages – I once paid city tax via a separate link or was additionally asked to check-in on the hotel’s website. And besides, it was a message from the hotel on the official app, so what could go wrong?

– describes an editorial colleague. She adds that a moment later, she was contacted via WhatsApp by an alleged “hotel manager” who also tried to explain what she should do.

One detail reveals the fraudsters. Be careful where you enter your payment card number

Scammers try to guide us step by step through the process of providing new data and paying for the hotel reservation. Of course, they attach a link to the message, leading to a website that closely resembles the Booking.com subpage. Providing data on it is tantamount to sending fraudsters the card number with the expiration date and CVV code, and this is all the data needed to use the card for online payments. It is the presence of a link to an external website (although impersonating Booking) that should raise a big red flag.

Of course, immediately after providing the card details on the fraudsters’ website, the person concerned received a request from the bank’s application to accept a transaction for the amount of EUR 150. However, she was surprised by the recipient’s name, which did not match the name of the hotel or the platform through which she booked the accommodation. She decided to decline the payment, block her card and contact her bank. The consultant informed her that over the next few minutes there were 18 different attempts to register card details at various places on the network.

Fortunately, in this case, a quick reaction meant that none of these attempts resulted in money being withdrawn from the account. However, one of the YouTubers was not so lucky, he encountered exactly the same fraud attempt, but lost about 4,000. zlotys. Cybercriminals used his payment card to make purchases in an online electronics store in Austria.

How not to be deceived? Check the address of the website you are logging in to

If you receive information about possible problems with payment or the need to complete data, it is worth acting calmly and carefully. We may hold off on providing the data for a while and carefully analyze the content of the message. It is also worth paying special attention to the link address, which usually only superficially resembles the address of the Booking.com platform. Possible requests to provide any data or make payments on external websites (even if they actually come from the hotel) are not good practice and should make us vigilant.

It is also worth explaining that in case of problems with the card, Booking.com should contact us directly on behalf of the hotel and ask to change the payment card number. However, not on the external website to which the link is provided in the message, but directly on the website at booking.com or in the platform’s mobile application. Below you will find an example of a real message from Booking asking to update your card number:

A real email asking to update your card number from Booking.com photo: screenshot