The hotel staffer who calls you with an urgent request for payment isn’t necessarily who they say they are.
The end goal of the scam will typically be to try and get some kind of payment out of you related to the reservation. Requesting a bank transfer or details of a credit card are tactics that are regularly used, which will of course be routed to the scammers rather than the hotel or travel company you think you’re dealing with.
Scam attempts can come through emails and text messages as well as phone calls, and as is often the case with these kinds of criminal activities, some kind of urgency may be introduced—perhaps you’ll need to pay quickly to secure your reservation, or there’s been a mix-up with payment processing that needs to be rapidly rectified.
At its core, reservation hijacking scams operate the same way as many other scams: You’re contacted by someone who isn’t who they’re pretending to be. No matter how many details they might have about your bookings or travel plans, you shouldn’t engage with anyone asking you for money until you’ve verified their identity.
If you do have any doubt, ask if you can contact them—via whatever medium they’ve used. If someone is falsely claiming to be from a hotel and you ask if you can call the hotel back, the ruse very quickly falls apart. You should be particularly cautious when questions are asked of you, even if it’s just to “confirm” some details.
Booking.com told the BBC that it will never ask customers to share credit card information over the phone, email, or text. The comapny also will never ask customers to make any kind of payment (like a bank transfer) that’s different from the payment details in their booking.
Sticking to official communication channels and apps is essential when trying to protect yourself against these and other scams. Bad actors looking to make money from you will have to operate outside these official channels, because they’re not official. As always, don’t rush into anything, which the scammers will almost always try and make you do.
All of the standard security practices still apply too. Secure your accounts with strong, unique passwords that you don’t share with anyone and which are impossible to guess. And if the accounts you’re using offer two-factor authentication (as Booking.com does), where a verification code is needed in addition to a username and password, turn it on.
