Booking.com hack
 

Just a heads up for people. When I was in Italy, I received an email purportedly from Booking.com saying that I needed to provide my credit card info so the hotel could do a test charge to make sure the card is active, and if I didn't, my reservation would be cancelled. I know some hotels do this (at least one of mine did), but I was immediately suspicious because Booking already has the info, plus they didn't give the name of the hotel.

I responded, asking for the name of the hotel (of course not giving them any info) and did not hear from them. A couple days later, I received another email, again threatening cancellation.

I contacted Booking, but they weren't able to give me an email where I could forward these emails. I meant to call them when I got home, but I'm afraid I had a lot going on and didn't.
So be careful!

I'm pretty sure you're describing a hack of the Booking.com system -- a HACK, not a SCAM. I've gotten the kinds of message you describe twice now (different hotels). I reported them to booking.com and was assured that they are working to resolve it. You were right to refuse to send the CC information.

I imagine you can tell by the email address that sent it. That is odd because you can't make a reservation to begin with without giving a credit card. So somehow they hacked in enough to know you had a reservation with booking and your email but not enough to get your CC info. Which is good, I suppose.

OK, maybe hack, not scam. Either way, not good.
That's a good point, Christina. They got in but not all the way in.

I agree that it's not good, except that they can't actually get the CC info. I just wanted to clarify that it's not booking.com's fault -- it may be a scam, but not one by booking.com! Sorry I wasn't clearer in my initial post.

Oh, sorry, I didn't mean to imply that it was Booking's fault with my use of the wrong term. Definitely the hackers!

Geez, I can't even spell anymore! "com'slt" should be "com's fault." I agree that it is a scam, SusanP, and suspect (and hope!) that people will figure out what we mean and avoid falling for it. Thanks for mentioning it on Fodor's!

That same happened to me with the Holiday Inn Express LHR Terminal 4 -- the hotel told me their own system had been compromised (my guess via some breech in the Booking , com system) and there had been a lot of calls from confused guests.

This does not (necessarily) seem related but I recently got a message from one of my upcoming bookings via Booking where they asked me to confirm it again because of a glitch in their system.

Because I cannot reconfirm without re-booking, I've ignored the message. If they have a glitch, they should be contacting Booking, not me.

Consequently, I was able to book with another property that is highly recommended here and I actually needed to cancel the original property anyway.

After this report, makes me even more suspicious, to be honest.

I would strongly recommend that anyone who has a problem involving an unexpected communication from booking.com contact them directly. My experiences have been that they are very responsive. They can only address hacks if they know about them!

In the first of my two experiences, the hotel at issue indicated that they believed their system had been compromised and said they had been deluged by concerned guests-to-be. Staff at the hotel involved in the 2nd episode weren't sure what had happened, and also said that they'd had lots of calls from confused people. Neither of my reservations had actually been affected.

From what little I know, my guess is that some entity(ies) have figured out how to hack into the booking system and through that "portal," they've gotten into some of the IT systems of participating hotels. I could be wrong!

I didn't have any reservations cancelled, all were fine. They're just interested in getting credit card info from people.

This has been well publicised in Europe at least. I personally have not experienced it even though I have, reluctantly, made several bookings though Booking.com recently.

Please explain to me why many people use booking.com instead of just writing to the hotel directly?

Lots of reasons....ease of booking and cancelling. Clarity on exactly what one is booking. No language barrier. Sometimes better price or cancellation policy.

I often make a month's worth of bookings at once, and it's easier for me to do so using one or two platforms vs contacting each property directly. The property can be contacted via the Booking.com website if one has questions or wants to verify a booking. Same holds true for Hotels.com, Air BNB and VRBO.

I usually compare prices/cancellation policies on booking sites with the accommodation's site (if they have one) and use whichever has the best price/cancellation policy.

I often find apartments on Booking.com that don't have their own site as they're a small business. I'd not have learned about their property at all were it not for Booking.com (or whatever platform they're listed on).

I've had trouble booking apartments in Europe directly...sometimes the owner isn't set up to take credit card payments. Sometimes they'll accept cash on arrival, other times they use a third party system for taking credit card payments, so one doesn't really know who they're dealing with or if the money will be returned in case of cancellation. Sometimes they want a bank transfer, which is expensive and cumbersome. Sometimes they're busy running their business and don't get to their emails quickly.

I have two month long trips to Europe coming up and both were booked using a combination of Booking.com, Hotels.com, Air BNB, and the hotel/accommodation owner.

Just this week I booked a spontaneous road trip here in the US exclusively using Hotels.com. The whole trip was booked in under an hour.

Sure, it's easy enough to book with a property directly if you know where you want to stay, and it's easier to book hotels directly than apartments. But often times, one needs to research various options, and booking sites provide a concise list of properties available for your dates, etc. Booking.com and other booking sites can be a valuable tool.

I'm almost certain the hotel's site was hacked, not the site of booking.com. The hotel's database would typically have a notation that the reservation was made through booking.com but they wouldn't have the credit card information. That's why they would send you a phishing email pretending to be booking.com.

oh, that's a good point, I bet you are right. And a lot of hotels might not have as good security as major sites like booking (although they sure aren't immune, all big entities are hacked it seems to me, even places like Social Security Admin).

If a site like booking.com were hacked, I think it would get big news coverage.

Anyway, maybe you should contact the hotel and tell them you think they might have been hacked.

This same thing happened concerning a hotel on our past trip. I may have gotten, over the space of two weeks in March, three suspicious emails from the faux Booking.com people. I just kept re-checking my own Booking.com account reservation, which was always confirmed, very sure this was a fraud. Booking.com, the real one, finally sent an email alert about the fraudsters, and the hotel itself sent out an alert. If I recall correctly, Booking.com also had a little notice on their website.

As others have assumed, it was the hotel system itself that was hacked, and the attack never impacted my credit card.

In fact, there were articles on this in various publications this year. There is even one on fodors website in the News section dated Feb 1, 2024. Most people don't even read the news anymore. There is one on bbc.com last December also.