Overview

• Fraudsters have shifted to terse five-word messages saying 'your reservation is at risk' to prompt users for payments or credit card information.
• Action Fraud recorded 532 reports from June 2023 to September 2024, with victims losing £370,000, and has escalated its travel fraud alerts.
• Criminals hijack hotel partners’ Booking.com accounts through targeted phishing attacks on accommodation providers to send scam messages via in-app alerts, email or WhatsApp.
• HP Wolf Security warns of a related scheme where fake Booking.com web pages prompt users to accept cookies that download malware onto their devices.
• Booking.com maintains that such incidents remain rare, says it is investing in cybersecurity, and advises travelers to verify payment requests through its official platform and enable two-factor authentication.