For anyone who travels/ uses booking.com - scam alert
Post by anaix3l on Nov 26, 2023 16:24:35 GMT -5
Just in case this helps anyone not to get scammed.
TL;DR If you get a message from a hotel via Booking and you're being asked to update/ verify your card details, ignore it, it's a scam!
---
I'm going for a quick trip to Vienna and Bavaria in early December to see my final shows of the year, Insomnium and The Dead Daisies (with Spike from The Quireboys opening).
I'm not going to sleep on a bench at the train station in December, not when night time temperatures might drop quite a bit below freezing, so I booked hotels.
---
Tonight I got an email about a message from the hotel in Munich. To clarify, I got this message via the booking.com website.
The messages I receive like this are shown in the e-mail. This one was shown too. Copy-pasted the body of the message below:
Because of the updated booking guidelines, you are required to undergo a credit card verification process, which is compulsory even if you have made full payment for your reservation.
This process will not take more than 5 minutes.
You have a time window of 24 hours to confirm your reservation, or else it will be automatically canceled by the reservation system itself.
If you have already verified payment via bank transfer or any similar method, then we will automatically refund your money within three days (depending on your bank).
Please follow the personalized link: boоking.37511-confirm.cоm/p/6718435653
❗️IMPОRTАNT❗️
Before initiating the confirmation procedure, we kindly request you to familiarize yourself with the limits imposed by your bank and ensure that your card balance is adequate to cover the equivalent amount of the reservation. Please be aware that a small transaction will be conducted, resulting in the total amount of the booking being deducted. The funds will be promptly returned to your card within five seconds.
Note that if you want to try out the link to see for yourself just how well they've reproduced the Booking website, you'll have to type it manually, I've replaced some of the Latin letters with visually identical Cyrillic equivalents so that it's not automatically turned into a link.
Anyway, I didn't like what this message said. I have already paid for this hotel. The concept of money being taken from my card even though I had already paid for the booking - I did not like this at all. Let's say the request rubbed me the wrong way, so I thought I'd take a second look at it.
Which raised additional red flags.
First off, a red flag the size of China: the link itself, which does not point to the booking.com domain. Their URLs look something like this (domain in bold):
secure.booking.com/mytrips.en-gb.html
Instead, this was a different domain (in bold):
bооking.37511-confirm.cоm/p/6718435653
This screams phishing, scam!
By the way, both Firefox and Chrome highlight domains in the address bar - the rest of the URL outside the actual domain is more faded. Here's a Firefox example screenshot - note how everything but the domain, pinimg.com, is more faded.
Then there was the inconsistency. First they say the money would be returned within 3 days, then within 5 seconds.
Then there was the immediacy, the time pressure/ threat - if you don't do this within 24 hours, your booking gets cancelled. The "important" in all caps.
Then there was the emoji right after my name at the beginning. Not very professional, ain't it?
Thought I'd check the Booking website directly. This message did show up among my messages from the hotel and so did another one, sent less than half an hour after the previous one.
Copy-pasting the second message because that raised even more red flags.
Message from Booking : We remind you that you still have not updated your details. Use the link you received in the chat above and update the information. Otherwise your booking will be cancelled.Please note that payment will not be made a second time if you have already paid for the hotel. But you need to update the details ⚠️
Thank you for your understanding, Booking.
bооking.37511-cоnfirm.cоm/p/6379174932
This is a very unprofessional message. Atrocious punctuation and wording. My dude, are you somewhere in China and passed this through Google Translate?
"payment will not be made a second time if you have already paid" contradicts the first message.
Wants to seem as if it comes from Booking, but messages from Booking don't show up with the hotel ones, they show up in a different tab/ section.
---
And then I remembered I had seen in passing a post from someone who had encountered such a phishing attempt weeks ago. This is the one - it's in Romanian, but there should be a Translate post at the end of it.
---
I didn't feel like talking to a human, but I contacted Booking via every other avenue possible and notified them about this.
---
I looked it up and... well, see for yourself:
22nd of September 2023, Bleeping Computer: Hotel hackers redirect guests to fake Booking.com to steal cards
28th of September 2023, Infosecurity Magazine: Booking.com Customers Targeted in Major Phishing Campaign
23rd of October 2023, The Guardian: Booking.com customers targeted by scam ‘confirmation’ emails
28th of October 2023, MUO: What Is the Booking.com Scam and How Can You Avoid It?
13th of November 2023, JD Supra: Booking.com Confirms Phishing Attack, Raising Concerns Over Possible Data Breach
21st of November 2023, The Guardian: More Booking.com customers come forward about scam ‘confirmation’ emails
These are just a few of the first results that came up when searching for "booking phishing".
---
Booking have replied and told me they've checked my reservation, it's been paid for, there's no problem with it and I should ignore all such messages asking me to make a payment outside their platform.
---
Anyway, maybe my writing this helps anyone.
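The domain check described in the post, written out as an added example that is not part of the original post: it reads the host from a link, tests whether it sits under booking.com, and flags labels that mix Latin with look-alike letters from another script. The function names, the `TRUSTED` constant and the `.test` link are assumptions made for illustration; the defanged sample is constructed from the post's description.

```python
import unicodedata
from urllib.parse import urlsplit

TRUSTED = "booking.com"  # the domain the post says genuine links live on

# Constructed sample: the post's defanged link, with the Cyrillic "о"
# (U+043E) written as escapes so the substitution is visible.
DEFANGED = "b\u043e\u043eking.37511-confirm.c\u043em/p/6718435653"


def hostname(link):
    """Host part of a link, whether or not it carries a scheme."""
    if "://" not in link:
        link = "//" + link  # make urlsplit treat the start as the host
    return (urlsplit(link).hostname or "").rstrip(".").lower()


def scripts(label):
    """Scripts of the letters in one DNS label, taken from Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def check_link(link, trusted=TRUSTED):
    """Return a list of findings; an empty list means nothing was flagged."""
    host = hostname(link)
    findings = []
    # The domain is read from the right: a "booking" label further left
    # belongs to whoever owns the name at the right-hand end.
    if host != trusted and not host.endswith("." + trusted):
        findings.append(f"host {host!r} is not under {trusted}")
    for label in host.split("."):
        found = scripts(label)
        if len(found) > 1:
            findings.append(f"label {label!r} mixes scripts: {sorted(found)}")
        elif found and found != {"LATIN"}:
            findings.append(f"label {label!r} is written in {sorted(found)[0]}")
    return findings


if __name__ == "__main__":
    for link in ("secure.booking.com/mytrips.en-gb.html",
                 DEFANGED,
                 "https://booking.example-confirm.test/p/1"):  # constructed
        print(link, "->", check_link(link) or "no findings")
```

The suffix test compares against one known-good domain only, so it answers "is this Booking's domain?" rather than "is this link safe?".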