BOOKING.COM HAS NOT taken responsibility for a message, which was sent through its own built-in messaging service, which attempted to scam a customer out of their money.
The Journal has learnt of a scam where accounts of real accommodation listings were being used to send messages to customers.
A message sent to one user said the company had updated its financial systems and requested “additional card verification” through a link that was off of the Booking.com platform.
While Booking.com has not accepted responsibility for the hack, it acknowledged that the property owner in question had been “targeted by phishing messages from criminal, external third parties, which in some cases has impacted their own systems”.
The user began filling out a form which was sent to him through the accommodation’s account but luckily noticed that the link was fraudulent before submitting the form with their card details.
The form said it was to use the card details to take over €600 from the user in a “microtransaction” to confirm the banking information. It also claimed that the money would be returned, however the user recognised it was untrustworthy.
The accommodation management later informed the user, who was staying at the property at the time, that the residence had “been subject to a phishing scam”.
According to the user, the accommodation was “perfect” and believed the management had nothing to do with the attempt to steal his banking information.
Phishing scams are when texts, emails or other digital messages are used by scammers pretending to be a legitimate service in order to steal banking information from victims.
After contacting Booking.com about the attempt, the company claimed it was not responsible for the scam attempt that was made using its own messaging service.
The Journal contacted the company and provided them with the evidence that a phishing scam attempt was taking place on their website and asked the company to clarify its responsibility in the matter.
A spokesperson for the company did not clarify the company’s responsibility but said the user did receive a phishing message last year, “which luckily they did not fall victim to”.
“We can confirm that there has not been a security breach of Booking.com, but we are aware that some of our accommodation partners have been targeted by phishing messages from criminal, external third parties, which in some cases has impacted their own systems,” they added.
Booking.com said it recognised that these types of scams pose a “significant threat to many industries” and have continued to invest in new measures which protect customers and accommodation partners.
“We also have a number of checks in place to verify properties before they are ever allowed to begin welcoming guests, as well as teams dedicated to detecting and blocking suspicious activity around the clock.”
The company said it does, in “very rare” incidents, remove listings from the platform after investigations have been conducted.
It added: “We always advise customers to report any suspicious messages to us via our customer service team, or by clicking on ‘report an issue’, which is included in the chat function, where we also have clear guidance for customers on how to avoid suspicious activity.”
Customers should also check the payment policy details outlined on the property listing page and in the booking confirmation.
To embed this post, copy the code below on your site
have your say