While fraudsters are always coming up with new schemes to steal consumers' money, the Consumer Advice Centre for Lower Saxony has warned of a new fraud scheme in which fraudsters take advantage of travel and holiday bookings made through the online booking portal booking.com.
According to the Lower Saxony Consumer Advice Centre in a report on a fraud case in which a consumer was affected, a female holidaymaker who booked a trip via booking.com and shortly afterwards received a message via the messaging service Whatsapp, in which a person claiming to be a hotel employee asked her questions about her booking and sent her links.
The woman, who initially ignored the messages but then received an email saying that there had been problems with her chosen payment method and she had to re-enter her details within 24 hours or the booking would be cancelled, later asked the hotel directly and was told that everything was fine with the booking and that it was probably a fraud attempt. The dodgy part was that the email directed her to a Booking.com website that was almost indistinguishable from the real thing.
Kathrin Bartsch, legal expert at the Consumer Advice Centre for Lower Saxony, pointed out that the fraudsters not only have the personal data of the bookers, but also know which hotel they have booked for which period, which makes it even more difficult to recognise a fraud attempt in the first place, and that the criminals who carried out the fraud are thought to have obtained the information of Booking.com customers through a hacker attack or security vulnerabilities in the management tools of the accommodation facility, so caution should be exercised even if the senders seem trustworthy.
Confirming that such scams have taken place, Booking.com made the following statements in a statement on the subject:
"Unfortunately, some of our accommodation partners have been tricked into clicking on links in phishing emails or downloading attachments outside of our system using very convincing and sophisticated phishing tactics, resulting in malware being downloaded onto their computers. The fraudsters pose as hospitality partners to demand payment from customers.''