Along with names like Airbnb and Vrbo, Booking.com is a popular booking app among vacation rental owners and guests alike. Fraudsters, though, are taking advantage of its popularity and finding innovative ways to use its extranet as a way to get their hands on personal details like booking dates and bank card numbers.
Just like with any other type of online transaction, there are a few key best practices that hosts and guests need to follow. Here’s how you can minimize your chances of falling for Booking.com scams and what to do next if you suspect suspicious activity.
While some make fishing their hobby or source of income, others turn to a different type of phishing. Not to be confused with the socially acceptable form of fishing, phishing refers to a form of cyber attack. It involves a scam artist attempting to assume the identity of another person, like a guest, or a business, such as a hotel, in order to gain personal data or money unlawfully.
Sadly, it’s very common and the travel industry isn’t immune.
Cybercriminals are also targeting accommodation partners of Booking.com as well as their guests. Using phone calls, text messages, or phishing emails, they’re trying to steal reservation data, personal details of guests and employees, and/or credit card details.
Your Booking.com extranet account holds a lot of valuable data. Scammers can use various channels and approaches to try and get their hands on your login credentials so that they can gain access to sensitive data like payment information.
To help you identify a potential phishing attempt, here are a couple of red flags to be on the lookout for:
Phishing emails are quite common. Some are easy to spot, while others look like the real deal for which you can easily fall. Fraudsters can try to copy Booking.com emails with the goal of getting your login credentials so that they can gain control over your Booking.com account.
Always be wary of clicking on links sent via email. In the case of Booking.com scams, con artists will include a web page that looks similar to the official login page.
One way to spot a potential scam is to double-check the address bar. You can hover your mouse over the link and inspect the destination of the link before you click on it. If you use a mobile device, tap and hold the link.
If you spot any differences, it’s a red flag. Don’t click on it. Inform Booking.com about this email immediately.
Another way that you can avoid falling prey to this type of scam is to bookmark the legitimate extranet link. Moving forward, you can use this bookmarked page whenever you receive an email requesting you to log in.
The choice of words can also be a giveaway. Phishing emails or WhatsApp messages typically let the reason for contacting you sound very urgent.
It will call for your immediate action in order to avoid your Booking.com account from getting suspended, for example. They also like to contact you about financial matters that require urgent action.
Aside from links to web pages containing subtle differences, the subject line and body of the email message can also contain grammatical or spelling mistakes. The sender might also switch between different languages.
Before you open any email, it’s good practice first to double-check the email address of the sender. Companies will always send you emails from their official subdomain. In the case of Booking.com, any email that you receive from them should be sent from an email address that ends in @booking.com.
Here are some examples of email addresses that you can trust:
If it uses anything else (even if it’s merely an inconspicuous extra number or alternative spelling), it’s not from a legitimate sender. Don’t open it. Instead, report it as spam and inform their security team.
Aside from informing Booking.com immediately, users should also do the following to protect themselves.
If you suspect that your device has been infected with malware, change your passwords immediately. This applies to both your email account as well as your Booking.com account. First change the password of your linked email account and then your Booking.com password.
Even if you don’t suspect a security breach, it’s good practice to change your passwords regularly. So, ensure that you reset both these passwords from time to time. You can, for example, make it common practice to change these when you update your property listing.
Your passwords aren’t the only things that fraudsters are after. It can also be their goal to embed a malicious file onto your smartphone, laptop, or personal computer. As such, it’s also good practice to scan these devices with an up-to-date malware scanner, especially when you’ve clicked on a strange link or downloaded weird files. Additionally, consider using a free iPhone VPN to add an extra layer of security to your online activities and protect your sensitive data.
Vacation rental hosts and property managers aren’t the only ones that can fall victim to a scam. Cybercriminals are also targeting travelers.
The latest modus operandi is that guests are typically approached by means of a WhatsApp message. The text message is usually to notify the guests that their payment was declined. If this happens to you from time to time, you’ll probably think nothing strange of this message.
Guests are then requested to make another payment outside of the booking platform to finalize their hotel reservations. When guests click on the link, they’re taken to a web page that looks basically the same as the online travel agency’s official website.
The scam appears quite legit as the WhatsApp message typically has a lot of personal details. Information that it can contain includes the guest’s full name, contact number, name of the property that was booked, the exact dates of the reservation as well as the exact amount. This makes it a lot harder to dismiss it as an obvious scam.
While this is an example of a sophisticated scam, the lesson here is that guests should never make a payment outside of the official booking platform. Hosts can also take note and send guests a friendly reminder that they should rather first double-check with Booking.com before making another payment.
Aside from ensuring that your online habits adopt the latest security measures, keeping the lines of communication open can also help to prevent this type of fraud. To help you with this, you can check out a tool like iGMS.
iGMS can help you to streamline guest communication. You can use it to organize your messages and email into a single feed, while automated templates and triggered messaging can help to save further time.
In addition to guest communication, iGMS can also help you to receive payouts securely by connecting your Stripe account and streamlining the following daily hosting tasks: