Booking.com Hit by Yet Another Phishing Scam, Second in Three Months

Hotel owners were recently targeted in the second phishing scam to hit Booking.com in recent months.

Booking.com can’t seem to catch a break. The online travel agent has been hit by yet another phishing scam, and this time, hotel owners were targeted.

In the most recent phishing attack, scammers created a bogus Booking.com page and emailed hotel owners with a notice that back-end payments had malfunctioned. The hoteliers were then urged to resubmit their monthly fees through this new site.

A company statement says that payment incidents were limited, but sources from the website claim the issue could be much larger than expected, with one hotel having paid tens of thousands of euros to the fake account. The statement also says that a dedicated security team is working on the issue and efforts are being made to freeze all fraudulent bank accounts associated with the scam.

Back in November 2014, nearly 10,000 Booking.com customers were issued refunds after falling victim to a different phishing scam, wherein hackers managed to obtain booking details and personal information associated with a large number of reservations. The hackers then used this information to send out emails asking targeted users for prepayment of the rooms.

This latest phishing attack acted similarly to a scam involving the International Air Transport Association in May 2013, when emails were sent asking recipients to settle up on an outstanding bill. In both cases, the scammers were well aware of how payment and service systems are used throughout the travel industry.

[Photo: iStock]