Scammers use stolen database of real Booking.com travel orders. Russian Booking.com customers received e-mails from fraudsters at the beginning of October.
Scammers asked for prepayment in full for a previously booked room. It should be mentioned that Booking.com never asks for payment up front. Customers got emails supposedly from Booking.com with real reservation number, dates and names of hotels.
While studying customers’ correspondence, security researchers said the domain names used by scammers for sending letters were not sent by Booking.com or hotels. So, a few emails received by users on 2 October, 2015 were sent from domain names registered just a few days earlier — on 20 and 29 September, 2015. It is clear that customers were affected by phishing activities when fraudsters used fake emails aimed at stealing money and personal information.
It should be mentioned that fake Booking.com emails were addressed from @booking-shvu.com and @reservation-status.com, however any official correspondence will be sent from an official email address ending in “@booking.com”. If the domain at the end of the email address is different to the company’s official website, even just slightly, you should consider if it’s a scam email.
Booking.com is aware of phishing attacks from fake email addresses. The attacks affected a few hotels. Security expert at Booking.com said: “We enhanced security measures to identify the problem and protect personal information of all Booking.com users and partners.”
Online travel agent Booking.com has admitted that it will compensate customers whose money and personal details have been stolen. Moreover its teams have also worked to "take down" dozens of phishing sites, as well as working with some banks to freeze the money mule bank accounts. It is not the first phishing attack on Booking.com. In October 2014 by accessing Booking.com reservations, the crooks have been able to obtain contact details to send customers demands for prepayment. The phishing emails were addressed from @booking-bvu.com.