Cybercriminals Exploit Booking.com: A Sophisticated Scam Targeting Travelers

TL;DR

Cybercriminals are exploiting Booking.com reservations to steal from travelers through sophisticated scams. These attacks involve compromising hotel systems to send fraudulent messages, leading to financial losses and eroded trust among victims. Travelers are advised to remain vigilant and follow security best practices to avoid falling prey to such scams.

Introduction

In a recent incident, Robert Woodford, a recruitment marketing specialist, shared his experience on LinkedIn of falling victim to a sophisticated scam while booking a hotel in Verona through Booking.com. This incident underscores the growing threat of cybercriminals targeting the hospitality industry and travelers.

The Scam Unfolded

Woodford completed a legitimate booking and exchanged communications with the hotel. However, he later received a separate message purportedly from Booking.com requesting “missing details” and a prepayment. Despite his caution, Woodford logged into Booking.com directly and found the same message in his communication thread with the hotel. The payment link seemed official, containing “bookingcom” in the URL, but it turned out to be fraudulent¹.

Understanding the Attack

This scam aligns with a previous report on how phishers use fake CAPTCHAs to trick hotel staff into downloading malware. The Swiss National Cyber Security Centre (NCSC) also reported similar attacks where hotel staff were deceived into installing malware, compromising booking systems and guest communications².

These attacks are effective because cybercriminals infiltrate real hotel systems, sending malicious messages through official platforms. Once the booking system is infected, attackers can access guest data and payment information, impersonating hotels to reach guests directly³.

Industry Response

Arcona Hotels & Resorts issued a warning after discovering “technical irregularities” and disconnected several locations from central IT services as a precaution. ResponseOne GmbH, specializing in IT forensics, was engaged to manage the situation. Arcona’s advisory suggests this incident may be part of a broader campaign targeting the hospitality industry’s digital infrastructure⁴.

Advice for Travelers

Cybercriminals are not only targeting guests but also infiltrating hospitality systems, turning trusted platforms into fraud vectors. To stay safe:

• Access Booking Platforms Directly: Type URLs directly into your browser instead of clicking email links.
• Verify Payment Requests: Contact the hotel or booking platform through official channels.
• Be Wary of Urgent Payment Demands: Be suspicious of unusual payment methods or urgent demands.
• Use Secure Payment Methods: Opt for credit cards or other options with fraud protection.
• Report Suspicious Messages: Inform the booking platform immediately.
• Use Browser Protection: Safeguard against scams and malicious sites with tools like Malwarebytes Browser Guard.

Conclusion

The compromise of trusted booking systems highlights the need for vigilance and proactive security measures. Both travelers and hotels must remain alert to mitigate risks and protect against sophisticated cyber threats. For more insights, visit the full article.

Additional Resources

For further insights, check:

• Malwarebytes Blog
• Swiss National Cyber Security Centre

References

1. “Booking.com reservation abused as cybercriminals steal from travelers” (2025). “Booking.com reservation abused as cybercriminals steal from travelers”. Malwarebytes. Retrieved 2025-06-06. ↩︎

2. Swiss National Cyber Security Centre (NCSC) (2025). “Wochenrückblick 9”. Retrieved 2025-06-06. ↩︎

3. (2025). “Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware”. Malwarebytes. Retrieved 2025-06-06. ↩︎

4. Arcona Hotels & Resorts (2025). “Hinweis”. Retrieved 2025-06-06. ↩︎