'A scammer messaged me through Booking.com's app'

Which? explains why requests for personal information should always be treated with caution
Faye LipsonSenior researcher & writer

Dear Which?,

I booked a hotel on Booking.com and weeks later got messages through the Booking.com app, apparently from the hotel. 

The messages claim ‘we are unable to register you at our hotel, you will need to do it all over again by following the instructions below, please enter your booking fee’. This is then followed by a dodgy-looking link.

I contacted the hotel using the email address on its website. The hotel replied: ‘Booking.com’s connectivity partner has experienced a security incident. Please disregard any recent email with a payment link, as the link is fraudulent. Your booking is confirmed, and no additional prepayment is required.’

My booking didn’t look like it had been cancelled, but the messages kept coming so eventually I cancelled it myself. But I’m still feeling concerned. 

Katie B, London

Faye Lipson, Which? senior researcher, says: 

We first warned of Booking.com scams last year. More recently, the owner of a hotel in Northern Ireland shared with us scam ‘customer complaints’ emails she had been receiving. The emails claim to come from guests complaining about recent stays. The emails prompt her to log in to a cloned Booking.com site. It appears fraudsters use these bogus sites to collect login details and take over genuine accounts.

The national fraud reporting centre, Action Fraud, warned that between June 2023 and September 2024, it had more than 500 reports of similar phishing scams on Booking.com's platform, with losses totalling over £370,000.

Regardless of how your hotel’s account has been compromised, you need to be wary. The fraudsters have some of your details, though clearly not your payment details, and may use the stolen data in future. When messages claim to be from a trusted organisation and request your personal payment details, it’s vital to stop and verify the request. That means contacting the organisation directly, using trusted contact details.

Booking.com told us it invests in updating and protecting customers and accommodation partners. It said its systems have detected and blocked the majority of suspicious activity. It also says it never asks for payment details via email, chat messages, text or phone. Customers are encouraged to check payment policy details on the property listing page or the booking confirmation to be sure the message is legitimate, or to contact its 24/7 customer service.

key information

Need to know

  • Booking.com says it will never ask for payment details via email, chat message, text or phone.
  • Never trust a message asking for personal or financial information without first taking steps to check whether the request is legitimate. Get official contact details from the sender's genuine website to do this.
  • Typically, scammers will try to get you to 'verify' your details to confirm your booking and will use a threat to get you to take action immediately, such as cancelling your accommodation.
  • Report scam messages to Action Fraud or forward phishing emails to report@phishing.gov.uk. If you live in Scotland, you can report a scam to the police by calling 101.

Tell us about a scam

Have you come across a scam that you'd like to tell us about? Get in touch at yourstory@which.co.uk or you can use our scam sharer tool.

More on this

Related articles