In the last few hours, new cases of phishing scams have been detected that directly affect Booking.com users, both in Spain and internationally. Cybercriminals take advantage of the high season and the fear of losing reservations to launch fraudulent messages that impersonate hotels and the platform itself, using increasingly sophisticated techniques. If you're looking for information about the latest phishing on Booking and how to protect yourself, here are all the details and tips
How does the phishing scam on Booking work in the last few hours?
- Messages from legitimate accounts: Attackers are able to access official hotel accounts within Booking, sending direct and convincing messages to guests with active bookings.
- Urgent Cancellation Notifications: The message, both by internal Booking chat and by email and even WhatsApp, warns that your reservation will be canceled if you do not provide personal data or make the payment for a new “urgent” link in less than 24 hours.
- Links to fraudulent payment sites: The link included in the message redirects to a fake website that mimics the official Booking interface, in order to steal personal, banking and access credentials.
- Dual path of attack: They use both the internal reservation system, the registered email and messaging apps such as WhatsApp, amplifying the impact and credibility of fraud.
- Confirmed cases: Numerous hotels have been hacked and clueless users have ended up sending their data and losing their money; Booking and several establishments are warning their customers to ignore the messages and contact them through official channels.
- These emails include links that redirect to fake web pages that mimic Booking but are designed to capture personal data, passwords and bank details.
- Fraudulent messages sent via WhatsApp or SMS have also been detected, increasing the difficulty of identification by users.
- The scam plays on fear and urgency, trying to get potential affected parties to react quickly without verifying the authenticity of the message.
Why is this new phishing on Booking so effective and dangerous
- Cybercriminals impersonate legitimate hotels and access real reservations, making the user trust the message.
- The fear of missing the trip, the urgency and the deadlines cause an impulsive reaction, ideal for social engineering.
- The scam can affect both foreign and domestic travelers, since the system operates from within the platform itself and through alternative channels.
- The rise of these frauds coincides with the increase in malicious tourism campaigns during the summer, with thousands of new suspicious domains detected every month.
Apolo Cybersecurity Guide: Tips to protect yourself against phishing on Booking
- Never follow links or give your details outside the official Booking web/app.
- Check directly with the hotel or with Booking if you receive messages that request additional information or sudden payments.
- Always check the web address and the sender of any communication.
- Activate security alerts and check the Booking support section for recent incidents.
- Report and share scams detected on networks and with other travelers to help prevent more victims.
- Stay calm and don't immediately respond to urgent messages; check the authenticity of the request before taking action.
🛡️ Protect your bookings and avoid fraud: request your free consultancy with Apolo Cybersecurity
The new wave of phishing on Booking once again highlights the importance of cybersecurity in the tourism and digital consumer sector. Stay tuned, verify your communications and prioritize secure channels for any reservation management.
Do you want to protect your digital reputation and learn to detect threats on online platforms?
Request a free consultation with Apolo Cybersecurity and protect your holidays, data and accounts against emerging fraud.
%402x.svg){kind=icon}