An investigation by the BBC programme Money Box found that fraudsters accessed Booking.com reservations, enabling them to obtain contact details which they used to send customers demands for pre-payment. The security breach is believed to have affected customers in the UK, US, France, Italy, Portugal and the United Arab Emirates (UAE).
The company insisted it is not the victim of a data breach, but that criminals are obtaining customer details by sending messages to hotels to acquire guest details.
This is known as a phishing scam: when criminals acquire sensitive information such as usernames, passwords, and credit card details by sending emails masquerading as sent by trustworthy companies.
In this case scammers gained customers’ emails – either from hacking into Booking.com or hotel security systems – and emailed customers to ask for upfront payments for hotel bookings they had made through the site.
Several customers told the BBC they had been targeted by the scammers, and in some cases had been duped into paying thousands of pounds.
Claire Coldwell from West Yorkshire told the BBC that she used had Booking.com to book hotel rooms for her and her colleagues who were attending a trade fair in London, and got an email purportedly from the Hilton Hotel she had a reservation with, asking for £3,000 in advance.
She told BBC News: “I got an email supposedly from Booking.com saying that because of the unusually high demand for those dates, the Hilton had taken the decision to ask for pre-payment in full for the whole week.”
Coldwell then got an email supposedly from the Hilton with similar demands. “They had everything like the reservation number, names of guests and the logos looked accurate.(ibtimes)
