Hotels on Booking.com urged to ‘secure their systems' amid rise in scams

04 December 2023 by
Hotels on Booking.com urged to ‘secure their systems' amid rise in scams

Booking.com has urged its partner hotels to install two-factor authentication after a rise in phishing emails in recent months.

It comes after American cybersecurity company Secureworks warned that some hotels on Booking.com had been targeted by malware that is initiated by an email to a member of the hotel's operational staff.

Secureworks revealed that the email sender often pretends to be a former guest of the hotel claiming they have left identification documents at the property.

Once they strike a conversation with a representative from the hotel, they send over a Google drive URL that is able to steal the hotel's Booking.com credentials once it is downloaded.

Some hotels reported receiving complaints from other customers about money being stolen from their accounts after the malware was executed.

A spokesperson for Booking.com said: "We are aware that some of our accommodation partners have unfortunately been targeted by phishing emails in recent months that are deployed by criminals using a host of known cyber fraud tactics, which ultimately encourage them to click on links or download attachments outside of our system that enable malware to load on their machines and, in some cases, lead to unauthorised access to their Booking.com account.

"While this breach was not on Booking.com, we understand the seriousness for those impacted, which is why our teams work diligently to support our partners in securing their systems as quickly as possible and helping any potentially impacted customers accordingly, including with recovering any lost funds."

Booking.com has urged hotel partners to set up two-factor authentication and take guidance from the booking platform's face-to-face workshops and dedicated cybersecurity advice hubs.

It also stressed that customers should be vigilant and reach out to Booking.com should "a property or host appear to be asking for payment outside of what's listed on their confirmation".

"No legitimate transaction will ever require a customer to provide their credit card details by phone, email or text message (including WhatsApp)," they said.

Booking.com added: "While there is no silver bullet to eradicate all fraud on the internet, our dedicated account security team is always monitoring and stopping new threats, as well as implementing new measures to assure the account security of both our customers and partners.

"This includes new security features to lock or block inactive partner extranet accounts, which is where we have seen fraudulent activity take place once scammers get unauthorised access to the hotel's Booking.com account, after they have clicked on phishing links and downloaded malware onto their own computer systems."

"Furthermore, if we detect suspicious activity on a hotel's account then we take swift action, including immediately disabling the ability for links to be shared via messages on our platform, to help stop fraudulent requests for payments."

The Caterer Breakfast Briefing Email

Start the working day with The Caterer’s free breakfast briefing email

Sign Up and manage your preferences below

Check mark icon
Thank you

You have successfully signed up for the Caterer Breakfast Briefing Email and will hear from us soon!

Jacobs Media Group is honoured to be the recipient of the 2020 Queen's Award for Enterprise.

The highest official awards for UK businesses since being established by royal warrant in 1965. Read more.

close

Ad Blocker detected

We have noticed you are using an adblocker and – although we support freedom of choice – we would like to ask you to enable ads on our site. They are an important revenue source which supports free access of our website's content, especially during the COVID-19 crisis.

trade tracker pixel tracking