You’ve finally booked that long-awaited getaway—maybe a sun-drenched escape to the Gold Coast, a city break in Melbourne, or a European adventure.
The anticipation is building, your bags are half-packed, and then—ping!—a message arrives. It looks official, maybe even comes through the Booking.com app or a convincing email.
It says your reservation is at risk unless you urgently provide your credit card details or make an additional payment. The clock is ticking, and panic sets in.
Sound familiar? If so, you’re not alone. As more Australians embrace online travel bookings, scammers are getting smarter, and their latest tricks are catching even the savviest travellers off guard.
The Booking.com scam: What’s happening?
This isn’t your run-of-the-mill dodgy email from a ‘Nigerian prince.’ The Booking.com scam is far more sophisticated, and it’s targeting real customers who have made genuine reservations.
In the UK alone, over 500 cases were reported between June 2023 and September 2024, with losses totalling hundreds of thousands of pounds. And yes, Australians are in the crosshairs too.
Here’s how it works: Cybercriminals use phishing attacks to hack into accommodation providers’ systems.
Once inside, they access real booking details and contact guests—sometimes via WhatsApp, but often through the actual Booking.com platform.
That means the usual red flags (strange email addresses, odd-looking links) might not apply. The message may look completely legitimate.
What does the scam look like?
The scam message typically claims there’s a problem with your payment or that your card details need to be ‘verified’. It might warn that your booking will be cancelled if you don’t act fast—often giving you just a few hours to respond.
There’s usually a link to click, leading you to a page where you’re asked to enter your credit card details.
Sometimes, the scam is even more insidious: fake Booking.com web pages are set up to trick you into downloading malicious files, giving criminals full control of your device.
HP Wolf Security, a global tech firm, has reported that these fake sites often ask you to ‘accept cookies’ before you can view your booking. Click ‘accept’, and you could be unwittingly installing malware.
What are the scammers after?
In most cases, they want your credit card details. They might claim it’s just for ‘pre-authorisation’ or to ‘verify’ your card before your stay.
But once they have your details, they’ll quickly charge your account—sometimes for hundreds or even thousands of dollars.
How can you protect yourself?
1. Don’t panic—pause and check: If you receive a message about your booking, don’t rush. Take a breath and verify the message before responding.
2. Check the payment policy: Booking.com advises travellers to always double-check the property’s payment policies on the official booking page or in your confirmation email. If there’s no mention of a pre-payment or deposit, but you’re being asked to pay in advance, it’s likely a scam.
3. Contact Booking.com or the property directly: If you’re unsure, reach out to Booking.com’s customer service or the accommodation provider using contact details from the official website—not those provided in the suspicious message.
4. Be wary of links: Genuine payments should only be made through the Booking.com app or website. Never follow links to external sites, no matter how convincing they look.
5. Look for red flags: Scam messages often use urgent language (‘Your booking will be cancelled in 2 hours!’) and may contain spelling or grammar mistakes.
6. Enable two-factor authentication: Add an extra layer of security to your Booking.com account by enabling two-factor authentication.
7. If you’ve been caught out: If you’ve entered your card details on a suspicious site, contact your bank or card provider immediately. You may need to block or cancel your card to prevent further losses.
Why are these scams so effective?
The global nature of Booking.com means scammers can target anyone, anywhere. And with the rise of AI, cybercriminals are creating increasingly sophisticated scams that are harder to spot.
Booking.com says it’s investing heavily in cybersecurity, but even the best defences can’t stop every attack.
What’s being done?
Booking.com and other travel platforms are working to improve security and educate customers.
Regulators in Australia and around the world are issuing warnings and urging travellers to stay vigilant.
But ultimately, the best defence is a healthy dose of scepticism and a willingness to double-check before you click.
Have you been targeted?
We want to hear from you! Have you received a suspicious message about your travel booking? Did you spot the scam in time, or did you get caught out?
Share your experiences and tips in the comments below—your story could help protect others in our community.
Final thoughts
Travel should be about excitement and adventure, not anxiety over scams. By staying informed and cautious, you can keep your holiday plans on track and your hard-earned money safe.
Remember: if something doesn’t feel right, it probably isn’t. When in doubt, check it out—before you check in.
Safe travels, and don’t forget to share your thoughts below!
Also read: Discover the top holiday scam hotspots—and how to avoid them
