According to Japan Today , several hotels have received complaints from customers who say they lost money when booking through Booking.com. Because this situation has happened many times, the Japan Tourism Agency has requested an investigation into the incident.

Not only Japan, a report from CNN said that a user in Porto (Portugal) also encountered the same thing. According to the shared information, this person received an advertisement with positive comments, attractive prices and was confirmed by Booking.com. However, all were scams.

A few days after making the reservation, the user received a message: “My name is Andreas. You have booked a room at our property but your card is invalid. You can enter your card details and the problem will be solved.” After the prompt, the user re-entered the data. The problem is that once this happens, the victim cannot contact the other party.

In an advanced study conducted by cybersecurity expert Piyokango, alarming data on the attacks was discovered. According to Piyokango, since June 2023, 118 accommodation companies have fallen victim to phishing. Hackers sent emails to hotels with the aim of accessing confidential content of Booking.com. The email contained a malicious link, and when the user clicked on it, the computer was infected.

After gaining access to Booking.com’s system, the hackers send payment requests to customers, who are often unsuspecting and willing to pay the amount in question. They then receive a notification that their stay has been canceled for failure to pay in advance.

Japan Today cited an example that occurred in August 2023. According to the source, a hotel received an email complaining about an allergic reaction to the daughter of a guest staying there. After a hotel employee clicked on the link, the hacker gained access to sensitive data. A hotel employee said the hacker took advantage of the hotel's desire to do its best to accommodate the guest's request to carry out the attack.

Similar cases began to appear in Europe in 2022. However, the problem has spread to other continents. In December 2023, Booking.com announced that it would no longer request payment details via chat or email.