TropicalTripper

I debated posting this on the thread for the Sthala Hotel. Mods, feel free to move if that's where this post should be.

Over the weekend I booked an SPG Hot Escapes member rate for a 3-night stay at the Sthala Hotel in June. Today I received an email from the hotel asking me to prepay the rate on a third-party Indonesian site that seems akin to Paypal.com

Here is an excerpted text from the message:

Kindly to inform you that when you booked online, it says that your credit card will be charged full payment after the booking is confirm and hotel will be processed the credit card manually. But, as per new policy from bank, we are unable to process any credit card without authorization from the card holder, for security reason. At this moment, we have not charge your credit card, instead, we sent you the Doku payment link and kindly follow the instruction on the email to process the payment of this booking. Please to inform the secure link sent will valid until at 23:00 local time on 28 May 2018.

I received an email with a payment link from Doku before the message from the hotel arrived, so before I saw the hotel message, I thought this was some kind of scam.

My initial thought was that if I do that I won't get my 3 miles per dollar spent for paying the travel charge with my Chase Sapphire Reserve. I wrote the hotel back explaining this, and asking if they could do something to compensate me for the lost points, like giving me an equivalent amount of SPG points or through some other remedy. The more I thought about it through the day, I was bothered that the hotel has this seemingly ad-hoc requirement for charging prepayments. I decided to write SPG through the email help link. No response from the hotel yet, and I just send the message to SPG HQ/corporate. Has anyone else had this issue booking with SPG properties in Indonesia and how do you all feel about it? Am I making too big of a deal out of this?

LPCJr

khabah

Aside from the bad English being a major red flag... I got something similar from the Sheraton Cairo where I booked through SPG.com and started receiving e-mails from what seemed to be an official hotel e-mail address requesting payment through a third-party/totally unrelated site. I called the Plat line about this and they told me not to open the link or put anything on there, as well as a story about how another guest lost over 700 dollars through a similar scam.

Bottom line: report this to Starwood and don't indulge it.

khabah

MSPeconomist

I'd report it to the hotel too. It sounds like someone might have hacked into their reservations system. Alternatively, there could be a rogue employee selling email addresses of guests with future reservations to a scammer.

yyznomad

Even if this were legit, it's still shady legit, if that can be a thing.

yosithezet

I wouldn’t do it. Let’s see what Starwood says.

MSPeconomist

Avoiding stuff like this is a reason to stay in chain hotels.

RogerD408

Doesn't sound like you will have any recourse if this is a scam. You've given up your info, it was not stolen. So DO NOT do this!

When you contacted the hotel, did you reply to their message? Bad move. It may very well look legit but could be spoofed. Go to the SPG website and look up the property to see if they have an email address listed and contact them via that.

I would CALL SPG and not write them about this issue. Very suspect at the best. If the property reservation has been hacked many others may be exposed.

TropicalTripper

The hotel responded with this:

"We really appreciate for your kind feedback, due to this regulation is new so we need a lot of feedback from our guest for this new type of services. Kindly to inform if your room payment settle by manually deduct the credit card or through secure link payment, you will keep received the starpoints from your stay. We understand that you feel inconvenience regarding payment method through the secure link, hence, you are pleased to settle the room payment upon arrival with our Reception. If your reservation caused as no show we will do the manual charge at full amount of reservation based on reservation’s policy."

I take it they are bluffing when they say they will charge the card manually if I no-show since their inability to manually charge the card is ostensibly the reason why they asked me to prepay in the first place. Starwood corporate wrote back to say that they are contacting the hotel's billing department to look into this. I forwarded them my most recent email from the hotel, along with the email payment link they sent me. I said I'm happy with the resolution in my case, but I made the point in my last email to corporate that this practice of asking pre-paid guests to pay using this third-party site should be looked at by someone in Starwood corporate so others aren't put into this position.

Because of my work I have a heightened awareness for cyber scams, and in a previous job with the same employer, I dealt with cyber scam issues on d daily basis. I actually didn't think this was a scam, it just looked scam-like. I didn't click on any links in the payment email, but after looking at the email properties on the message of the hotel, I didn't see a threat in replying. Worst case scenario, I would've ended up on more spam lists or been targeted as a higher-vulnerability target for having even responded. Reviews of the property on this forum note that staff at the hotel do not generally have polished English.

If I get any meaningful response from Starwood corporate, I will post here. Similarly, I will add more commentary if I run into any problems related to this matter while at the hotel.

RogerD408

Language aside, I don't they understood you concern over points. Highly unlikely you would have received the points for CC use. My guess the Doko account is not flagged as Starwood property and you would have had a fight getting them. Still not confident you were actually talking with someone associated with the property. This would be the type of response I would have given to try to keep from someone reporting me. I hope they nail down how this happened.

ANstar

I had a similar thing with Grosvenr house in Dubai... They requested I give my CC before arrival through a thrid party website. I thought it was well dodgy and called the hotel to confirm if it was legit and turned out it was. Pretty poor process to follow though.

yyznomad

So is my understanding correct in that you think this might be a scam, yet trusted the potential scammer "just enough" in responding to them by email? I know what you mean, but I still would've simply contacted SPG and let them handle it, and then hear back from them as a go-between. Just IMHO.

TomBrady

I thought this was a scam too when I got the DOKU payment thing.

I looked up all the email addresses and emailed with the accounts payable guy. It looks very scamish but its legit.
[email protected],
[email protected]

https://www.linkedin.com/in/i-wayan-...nawan-505b3646

I called the hotel to make sure this guy works there.

If it is a scam, this is a lot of work to make it legit. Also keeping a tight eye on my CC to see if any weird charges pop up.

yyznomad

Maybe Starriott is about to start a third-party payment company that all new reservations made starting January 1, 2019 need to be booked through it.

M.dA.R.