Booking.com Impersonation Scams Spike After April Breach

Scams impersonating Booking.com rose 56% after an April breach, using fake cashback emails, malicious PDFs, WhatsApp/SMS phishing and counterfeit booking sites to steal payments and data

Booking.com impersonation scams rose 56% in the weeks after information from an April breach leaked. Weekly volumes increased for five consecutive weeks, according to Scam Guard data.

Fraudsters used fake cashback emails, PDF attachments that require a “secure viewer,” WhatsApp and SMS phishing, in-app messages, and cloned booking sites to collect payment details and personal information. Some victims who entered card data received fake confirmations; others had devices infected with remote access trojans.

Scammers are exploiting stolen customer data and the urgency of travel purchases. Booking platforms, hotels and airlines process large upfront payments and hold names, travel dates, contact details and, in some cases, passport numbers. Criminals use that information to make messages and sites appear legitimate.

Recorded tactics include a fake cashback notice promising €435 that led to a phishing site, messages inside booking apps requesting an extra reservation fee, PDFs that prompt users to download a viewer that installs malware, WhatsApp alerts claiming missing card details and text messages linking to counterfeit Booking.com pages.

Attackers also clone legitimate travel and hotel sites and use paid ads or search-result manipulation so the fake pages appear high in results. Fake or hijacked rental listings encourage off-platform payments, bypassing platform protections. One 2024 incident involved a bogus Amsterdam rental listing followed by an email impersonating a review site to collect payment information.

Security measures to reduce risk include using credit cards for payments when possible, avoiding cryptocurrency or gift-card payments, and verifying bookings through the vendor’s official app or website. Contacting the property directly by phone and avoiding sponsored search results can help confirm legitimacy.

Do not open unexpected attachments or install software to view a booking. Keep devices protected with up-to-date anti-malware and use browser phishing blockers. Be wary of deep discounts or strict time limits and confirm that vendor domains and sender addresses match official channels.
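The domain check described above can be automated for links found in an email, SMS or chat message. This is an added example, not code from the article or from Scam Guard; the allowlist, the brand token and the sample message are constructed assumptions, and homoglyph or misspelled variants are out of scope.

```python
import re
from urllib.parse import urlsplit

OFFICIAL = {"booking.com"}   # assumption: allowlist maintained by the defender
BRAND_TOKENS = {"booking"}   # assumption: brand strings worth flagging

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def classify_link(url):
    """Return 'official', 'suspicious', 'other' or 'invalid' for one URL."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")   # drop a trailing root dot
    except ValueError:
        return "invalid"
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    # Only the parsed hostname counts. Text before '@' is userinfo, and a brand
    # name in a left-hand label says nothing about who owns the domain.
    is_official = any(host == d or host.endswith("." + d) for d in OFFICIAL)
    userinfo = (parts.username or "").lower()
    if is_official and not userinfo:
        return "official"
    if any(t in host or t in userinfo for t in BRAND_TOKENS):
        return "suspicious"   # brand name used outside the official domain
    return "other"

def triage(message):
    """Classify every http(s) link found in a message body."""
    links = (u.rstrip(".,)") for u in URL_RE.findall(message))
    return {u: classify_link(u) for u in links}

# Constructed sample message; .example domains are reserved for documentation.
SAMPLE = (
    "Your cashback is ready: https://booking.com.cashback-claim.example/verify "
    "or sign in at https://booking.com@pay.example/login. "
    "Manage your trip at https://secure.booking.com/mytrips and "
    "see https://weather.example/amsterdam"
)

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE).items():
        print(f"{verdict:10} {link}")
```

A plain substring or `endswith("booking.com")` test would accept the first two links and `notbooking.com`; matching the parsed hostname against the allowlist with a leading dot is what rejects them.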

If a message contains personal data that matches a past reservation, verify the claim directly with the company rather than following links. Travel and hospitality firms have reported breaches in recent years that exposed customer emails, payment details and passport numbers, providing data that can be used in impersonation campaigns.
