Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

€2 a Month €5 a Month One-off amount
Phishing

Irish Booking.com customer scammed after receiving bogus confirmation email from within app

Lee Lindsay was scammed out of €376 after he made a payment to a website purporting to be Booking.com.
9.01pm, 28 Oct 2023
53.4k
66

BOOKING.COM HAS MOVED to assure customers its platform is safe, after an Irish man was targeted by a scam email that appeared to come from the accommodation website’s own email account.

Lee Lindsay was scammed out of €376 after he made a payment to a website purporting to be Booking.com. While the site in question where Lee entered his payment details was a false website, Lee clicked a link on an email that came from a legitimate Booking.com address.

Lee had booked via the website to stay three nights at a hotel in Milan early next year. Following the booking, everything was normal.

Lee then received a communication last Friday purporting to be from the hotel. He received both an email and a message from within his Booking.com profile.

The email – seen by TheJournal - comes from the address “[Hotel Name] via Booking.com <noreply@booking.com> ” and says “You just got a new message from [Hotel Name]. The message in question reads:

Screenshot 2023-10-26 at 19.18.00

The link in question – as can be seen from the above email – leads to a website that appears to be Booking.com, but in fact leads to a fake website. Lee said he entered his card information into this site (using a Revolut debit card) and the €376 was taken from his account.

He realised quickly it was a scam, as further payments were attempted on his account, which he blocked. Lee has since contacted Booking.com and the hotel in question but has not received any refund to date.

“I wouldn’t be overly optimistic of getting a refund,” he told The Journal, but said that the Booking.com platform should be more robust in order to avoid this happening.

“It’s not an insignificant amount. It’s not the end of the world, but I’d like to get it back and I don’t want other people falling four of the same thing,” he said.

Lee also said that stronger measures should be in place to ensure the Booking.com communication platform is not compromised.

“Why aren’t measures like two-factor authentication enforced to guarantee the provider’s identity before comms with guests are facilitated via the Booking.com messaging platform?” he asked.

They say that “no breach has occurred”, whereas, in practice – it has.

Lee is not the only person to have been targeted in recent weeks. The Guardian reported last week that a large number of customers in the UK had fallen victim to the same scam.

The Guardian also highlights how hoteliers have complained on Booking.com’s support platform about their customers being targeted.

Read Next
Related Reads
'Oh, can we just stay?': People turn up to Westmeath home listed as hotel on Booking.com

In a statement, Booking.com assured customers that its platform had not been compromised, and that both the hotel in question and the customer had fallen victim to a phishing scam.

“Ensuring that our platform is safe for our partners and customers is a top priority for us, and we’re sorry to hear about the experience of the customer you brought to our attention, and are in the process of contacting them to ensure they are fully supported,” the company said.

“While we are still investigating the circumstances in this particular case, it sounds like the customer may have been the victim of a phishing scam.

“This is not a breach of Booking.com’s backend systems, and likely a coordinated effort by attackers to commit fraud against both guests and hotel by targeting them with phishing emails.

 ”As a responsible travel company, we are constantly reviewing and improving our own robust security controls and offering guidance and training to our accommodation partners to ensure they can also remain safe, with online fraud and cyber criminal activity a pressing issue across many sectors.”

The company then said that it has a “dedicated ‘safety tips for travellers’ page, where we remind them not to share sensitive information like credit card details via email, message or on the phone”.

We will also never ask for payment that is different from the original reservation conditions, which can be found on the booking confirmation. If a customer does ever receive a message they are unsure about then our customer service team is available to support further.

Have you been affected by this scam? Get in touch cormacfitzgerald@thejournal.ie

Making a difference

A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

For the price of one cup of coffee each week you can make sure we can keep reliable, meaningful news open to everyone regardless of their ability to pay.

Support us Learn More

Author
Cormac Fitzgerald
cormacfitzgerald@thejournal.ie
Send Tip or Correction
Read Next
More Stories
Related Tags
Your Voice
Readers Comments
66
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel