Buyer Beware! Booking.com targeted by massive phishing scam

amex closing accounts
Disclosure: The Points Pundit receives NO compensation from credit card affiliate partnerships. Support the blog by applying for a card through my personal referral links. This article is meant for information purposes only and doesn’t constitute personal finance, legal, health or investment advice. Please consult a licensed professional for advice pertaining to your situation.

 

Just like any other sector of our hyperconnected digital economy, travel is also not immune to fraud. While we all enjoy the convenience of being able to book trips online at the push of a button, there are always threat actors looming in the background. I had one such horrible experience while using Booking.com.

Also Read: Travel may be down, but fraud is on the rise
Also Read: Chase customers log in and find funds missing from their bank accounts

Booking.com Debacle

For our upcoming trip to Spain, I used Booking.com in order to book Easyhotel Madrid. I received an email which was supposedly from the hotel. It was requesting a credit card verification process, which according to the email, was mandatory for all guests. The email seemed to be from Booking.com and looked pretty legit at first glance.

booking.com
A screenshot of the email I received

I clicked on the link to enter the details. After entering the details, the page kept loading but nothing happened. After waiting for a while I decided to reach out to the hotel directly. Much to my chagrin, the hotel told me that they never send any such emails to customers. Thankfully, the transaction hadn’t gone through.

booking.com

Additional Fraudulent Attempt

In the meanwhile, I realized I’d received another similar email for a separate hotel booking that I’d made for Hotel Verol in Grand Canaria. Once bitten twice shy. This time I realized what the modus operandi was and simply ignored the second email.

Attempted Transaction

I picked up my phone and realized that it had been buzzing with OTPs or One Time Passwords. These OTPs were for transactions in Kyrgystani currency. Clearly, there was an attempt to charge my credit card with that amount. Thankfully, it didn’t go through. I immediately called my bank to make sure that my account wasn’t debited and informed that my card may have been compromised. I initiated an immediate freeze on the card and placed a request for a card with a brand new set of credit card numbers, expiration date and CVV.

booking.com
One time passwords flooding in, clearly someone was trying to process a transaction

What Saved the day

What really saved the day me was the fact that the hotels were very quick to respond. This meant that we instantly got a feedback that prompted us to contact our card issuer to block future transactions. We requested both hotels to bring the issue up with Booking.com. While they obliged, Booking.com seemed like it wanted to simply make us go around in circles. I tried the chat bot option again to drop in a complaint and all I got was a canned response.

Booking.com
Booking.com’s response – scams are bad, avoid them

In response, I wrote them another scathing email about what was going on and how more customers could possibly fall prey to such rampant fraud. However, all I heard was either crickets or canned responses.

booking.com
Another email asking me: how did we do?

Making Things Right

I don’t know if this is by design, but it’s really difficult to reach a real person who works for Booking.com. When I was trying to raise an alarm in order to bring this to the attention of Booking.com’s executives, the response was either non-existent or cold.

You have to interact with a chat bot which tells you that it has raised an issue and that an agent will get back to you shortly. Radio silence is what follows. Even when I wrote a scathing email about their lackadaisical attitude and wanted to work with them to fix it, their response was either canned or evasive in the first place.

The Pundit’s Mantra

Overall, it’s one thing that Booking.com’s response was tone deaf or non-existent. One can understand that they truly don’t care about customer support once they have the customer’s money in their pockets. However, I’m flabbergasted by the fact that they would have such a cavalier approach to a serious security threat.

Even for selfish business reasons, I’d assume at the very least that Booking.com executives would be worried about people conducting massive phishing scams worldwide under their brand name. At the moment though, it seems like Booking.com simply doesn’t care about either, be it the customer’s ordeal or their own brand.

By guest contributor Isek Rekors

___________________________________________________________________________________________________________________ 

Fantastic limited time offers by Chase still available!!!

Earn 90,000 Ultimate Rewards points for no annual fee OR Earn 100,000 Ultimate Rewards points with Chase for a card that only charges an annual fee of $95.

___________________________________________________________________________________________________________________ 

Never miss out on the deals, news and travel industry trends. Like us on Facebook, follow us on Instagram and Twitter to keep getting the latest content!

Total
0
Shares
1 comment
  1. Had similar experience with hotel in S.Martin. Suddenly I get a mail offering me to pay my stay in bitcoins . “ Due to popular demand”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Post
Park Hyatt Aviara lobby with chairs and a chandelier

Luxury Hotel Review: Park Hyatt Aviara Resort, California

Next Post
Air Canada Airbus 330 Business Class

Flying Air Canada Business Class on the Airbus 330

More Posts by: The Points Pundit