In recent weeks, several cases have been reported in which the popular hotel booking platform Booking.com was unwittingly involved in a scam involving booking confirmation emails. The service's email system is apparently being exploited for a malicious campaign.
The email messages show a seemingly legitimate sender (i.e. [email protected]) and request further details of the card used for the reservation in order to confirm it, threatening cancellation within 12 hours otherwise. The email contains an external link that directs users to dangerous sites.
Booking.com has strenuously denied that its system was hacked and has instead blamed the messages on breaches in its hotel partner’s email systems.
Booking confirmation email scam: not only emails but also messages via app
An Observer reader, Julia Berridge, claims to have been forced to block her credit card after following the instructions in an email she apparently received from the website. Earlier this month she stayed in a hotel in Marseille for two nights at a cost of €349.
According to The Observer, the email containing the fraudulent payment request was apparently sent from a standard Booking.com email address. The message featured a link to her booking and was complete with all the details of the stay. Not only that: the victim also found the same message in the Booking app, a fact that understandably convinced her that it was a reliable request.
Although she didn't lose any money, she had entered her card details and decided her only option was to block the card. Kate Wright, who works in digital commerce, was not so lucky, suffering two attacks.
When she received a second message of the same type, she contacted Booking.com, with the call center describing the request she had received as "simply impossible".
“I felt like I was hysterical – the call center refused to believe that the scammers had sent an email using the Booking.com system. But, after two days, I finally received a message from the hotel, again via Booking.com, saying that the system had been hacked, that they were aware of it, but that it had not been communicated to customers.”