Scammers use phishing attacks to trick guests into paying criminals directly
Feb 26, 2025
Over the course of three months, a sophisticated fraud operation preyed on Hungarian travelers through Booking.com, stealing a total of 177 million forints. The scam involved criminals gaining access to the accounts of accommodation providers and tricking guests into paying the fraudsters directly for their reservations instead of the legitimate establishments. The fraudulent activity was carried out using phishing emails and deceptive messages that appeared to come from Booking.com itself.
Key takeaways
- The criminals used phishing attacks to gain access to the accommodation providers’ Booking.com accounts;
- They sent fake notifications to guests, warning them that their reservations would be canceled unless they took immediate action;
- A fake website resembling Booking.com collected guests’ bank card details and confirmation codes via SMS, and transferred funds to the fraudsters’ accounts;
- A journalist from 24.hu almost fell victim to the scam, but spotted the fraudulent activity before he lost money;
- Booking.com confirmed that their system hadn’t been hacked, but that the fraud was due to phishing attacks on their accommodation partners.
Get the full story at Trademagazin
