Reports of scams involving Booking.com accommodations saw a sharp increase last year, with elaborate phishing scams targeting hotels and accomodation that use the website. Given several Aussie brands were also recently targeted by scammers, I’m starting to wonder if I should just never online shop again. (My bank account says yes, this is a good idea.)
The ACCC said its Scamwatch program received 363 reports of scams in 2023 that were related to Booking.com, resulting in more than $337,000 being lost. The previous year, there were only 53 scam reports that mentioned Booking.com — meaning there has been a 580% increase.
Honestly, can a gal book cheap accomodation in peace?! First the rental scam, now this.
According to a Booking.com spokesperson, it’s not actually the website that was hacked though — instead, hotels and other accommodations using its service were targeted by phishing emails which would then take over the computers of their staff.
FYI, a phishing scam is when cyber criminals trick you into giving your own passwords or financial information because you think you’re entering them into an official portal.
“In some cases this has led to unauthorised access of their Booking.com account, which enables these fraudsters to temporarily impersonate the accommodation and communicate with guests via email or messages,” the spokesperson said, per Guardian Australia.
“It’s important to highlight that Booking.com’s backend systems and infrastructure have not been breached, and the number of accommodations impacted are a small fraction of those on our platform.”
So, how can I avoid being scammed while using Booking.com?
This scam makes it pretty difficult to know something is wrong, since the accounts communicating with customers appear to be the hotel staff’s official account.
The ACCC has advised Booking.com customers to independently verify any emails with a link or attachment that needs your sign in details, personal or financial information. Real staff won’t ask you for your passwords or card numbers over the phone.
If you need to make a call, use the phone number listed on your accommodation’s verified website, instead of anything sent to you over email or text. That way you know the number you’re calling is the official one. The same goes for any links or emails you are sent — triple check the URL/sender to make sure they’re legit and not the Wish version. For example, when I make sure a link to an Auspost text says auspost.com.au, instead of something sneaky like austpost.com.au or pick-up-parcel-auspost.com.au.
It’s also a good idea to use the Booking.com app instead of the website, and enable two-factor authentication on all your accounts in general. Oh, and those 5,000 passwords that your iPhone keeps telling you have appeared in leaked data sets?
CHANGE THEM.
Image: iStock / stockcam
