Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Irish Booking.com customer scammed after receiving bogus confirmation email from within app

Lee Lindsay was scammed out of €376 after he made a payment to a website purporting to be Booking.com.

BOOKING.COM HAS MOVED to assure customers its platform is safe, after an Irish man was targeted by a scam email that appeared to come from the accommodation website’s own email account.

Lee Lindsay was scammed out of €376 after he made a payment to a website purporting to be Booking.com. While the site in question where Lee entered his payment details was a false website, Lee clicked a link on an email that came from a legitimate Booking.com address.

Lee had booked via the website to stay three nights at a hotel in Milan early next year. Following the booking, everything was normal.

Lee then received a communication last Friday purporting to be from the hotel. He received both an email and a message from within his Booking.com profile.

The email – seen by TheJournal - comes from the address “[Hotel Name] via Booking.com <noreply@booking.com> ” and says “You just got a new message from [Hotel Name]. The message in question reads:

Screenshot 2023-10-26 at 19.18.00

The link in question – as can be seen from the above email – leads to a website that appears to be Booking.com, but in fact leads to a fake website. Lee said he entered his card information into this site (using a Revolut debit card) and the €376 was taken from his account.

He realised quickly it was a scam, as further payments were attempted on his account, which he blocked. Lee has since contacted Booking.com and the hotel in question but has not received any refund to date.

“I wouldn’t be overly optimistic of getting a refund,” he told The Journal, but said that the Booking.com platform should be more robust in order to avoid this happening.

“It’s not an insignificant amount. It’s not the end of the world, but I’d like to get it back and I don’t want other people falling four of the same thing,” he said.

Lee also said that stronger measures should be in place to ensure the Booking.com communication platform is not compromised.

“Why aren’t measures like two-factor authentication enforced to guarantee the provider’s identity before comms with guests are facilitated via the Booking.com messaging platform?” he asked.

They say that “no breach has occurred”, whereas, in practice – it has.

Lee is not the only person to have been targeted in recent weeks. The Guardian reported last week that a large number of customers in the UK had fallen victim to the same scam.

The Guardian also highlights how hoteliers have complained on Booking.com’s support platform about their customers being targeted.

In a statement, Booking.com assured customers that its platform had not been compromised, and that both the hotel in question and the customer had fallen victim to a phishing scam.

“Ensuring that our platform is safe for our partners and customers is a top priority for us, and we’re sorry to hear about the experience of the customer you brought to our attention, and are in the process of contacting them to ensure they are fully supported,” the company said.

“While we are still investigating the circumstances in this particular case, it sounds like the customer may have been the victim of a phishing scam.

“This is not a breach of Booking.com’s backend systems, and likely a coordinated effort by attackers to commit fraud against both guests and hotel by targeting them with phishing emails.

 ”As a responsible travel company, we are constantly reviewing and improving our own robust security controls and offering guidance and training to our accommodation partners to ensure they can also remain safe, with online fraud and cyber criminal activity a pressing issue across many sectors.”

The company then said that it has a “dedicated ‘safety tips for travellers’ page, where we remind them not to share sensitive information like credit card details via email, message or on the phone”.

We will also never ask for payment that is different from the original reservation conditions, which can be found on the booking confirmation. If a customer does ever receive a message they are unsure about then our customer service team is available to support further.

Have you been affected by this scam? Get in touch cormacfitzgerald@thejournal.ie

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
66 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.

    Leave a commentcancel

     
    JournalTv
    News in 60 seconds