Booking became a permanent consultation platform for travelers, mainly to search for accommodation offers, but also other services such as car rental, and even air tickets. According to data from Statista.com, more than 1 billion operations were recorded during 2023, doubling the number since 2016. ESET, a proactive threat detection company, warns that this flow of visits to the site also attracted attention of cybercriminals who use popularity to carry out various types of scams (Source ESET Latam).
ESET analyzes the most common scams that occur around Booking, how you can protect yourself and what to pay attention to when using this platform:
Identity fraud: One of the most frequent techniques used by cybercrime are phishing emails, in which the identity of a reputable entity is impersonated to trick the victim into believing they are in contact with an official channel. Regarding Booking, ESET has detected cases in which people receive an email where the scammers pose as an administrator of the accommodation or contracted service, to report that the payment for the reservation could not be processed, and warn that they could lose it. if it is not resolved quickly. Appealing to urgency, a constant in this type of deception, the cybercriminal provides an apocryphal link that induces the victim to make a new credit card payment to save the supposed error. This money will only reach the attacker’s account.
Chat Hack: Cyberattackers carry out phishing from the Booking application itself, but instead of sending an email, they contact them directly via chat after compromising the security of the establishments where the user made their reservation. TikTok user @tu_blog fiscal shows how he received a message on the platform urging him to make a payment to confirm the reservation. The scammer manages to impersonate the contracted hotel, and informs the victim that there was an error with the payment and that it is necessary to do it again if she wants to stay. Another variable is that card verification or confirmation of passenger data is requested.
Booking was responsible for clarifying that “neither the backend systems nor the infrastructure of Booking.com have been compromised (…). “Instead, this is a coordinated effort by attackers to commit fraud against both guests and partners via phishing emails.”
Non-existent accommodation: A large number of tourists were victims of this type of scam that used Booking’s reputation to set the trap. When the traveler arrives at the destination, the accommodation that he had supposedly reserved does not exist, or it is a family house that has nothing to do with the reservation. In this case, cybercriminals create an advertisement with photos of a house, very luxurious and at a very good price, and the victim will be able to make the payment without problems through Booking.
“Security measures and scoring systems are important in this regard, since platform service provider users can commit this scam a few times before being discovered and terminated. That is why it is essential to check references within the same website, where you can have an idea of what the offer is real, in addition to other evaluations from other tourists who have used the service. The rule that should govern is the one we usually repeat here: if something is too good to be true, it is very likely that, in fact, it is not.” comments Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Laboratory.
False job offer: You receive a forceful and tempting text message, supposedly from Booking. “We need someone to evaluate hotel reservations. We pay between €200 and €1000. The only thing you have to do is rate or like the hotel on (an apocryphal Booking link is attached here).” The truth is that the official site is not hiring people to evaluate hotels, and its personnel selection processes are not via text message either. The actual hiring method is through Booking Careers and there is also no job on the platform in which one of the tasks is to review accommodation.
This is one more case in which a job offer is exploited by cybercriminals, who use renowned companies (such as Google or YouTube) to play with the hopes of their victims, but also to obtain a very valuable return: money. or personal data.
To protect themselves from scams, Booking always encourages users to go to the official page if they receive a suspicious contact to validate the information that the supposed contact is providing. In addition, it has a section on its website dedicated to preventing scams. For example, they place a lot of emphasis on phishing and identity theft attempts, where they warn about various addresses that impersonate the brand’s identity:
[email protected]
[email protected]
[email protected]
@property.booking.com
[email protected]
@guest.booking.com
[email protected]
@mailer.booking.com
[email protected]
@partners.booking.com
[email protected]
[email protected]
As users of this type of platforms, ESET shares good practices that can be incorporated to reduce the risk of being victims:
- Pay attention to grammatical errors or the inclusion of suspicious links, if you receive a contact that claims to be from Booking.
- In case of doubts or suspicions, contact Booking directly or the accommodation that has been reserved.
- Keep your device’s security software, applications, and operating system up to date.
- If you do not have one, install a security solution, as it plays a key role in detecting and preventing scams and deceptions.
