Online travel portals have revolutionized the way we book hotels and flights, offering convenience and competitive pricing. However, recent reports have shown that scammers are increasingly targeting these platforms to exploit unsuspecting holidaymakers. Phishing scams related to popular platforms like Booking.com have seen a rise, with scammers employing sophisticated tactics. In this article, we’ll explore the methods scammers use and how you can protect yourself when using these travel portals.
In early 2023, there were at least five reported cases of phishing scams related to hotel room bookings on Booking.com, resulting in total losses of $8,800. Later, a more extensive scam affected over 30 people, costing them a total of $41,000 since September. These scams often involve criminals sending fake website links and requesting personal and banking information such as credit card details and one-time passwords.
The tactics employed by scammers have become increasingly sophisticated. They have posed as hotel representatives on messaging platforms like WhatsApp and have even sent emails and messages through the official accounts of hotels directly via Booking.com’s in-app chat function. While Booking.com has stated that these scams don’t breach their backend systems, they acknowledge the threat these scams pose to customers and accommodation partners.
Mr. Ian Lim, a security expert, outlined three potential methods by which scammers could compromise the in-app chat function. Firstly, an account takeover could occur when the computers of employees and booking agents are hacked, allowing scammers to respond from those accounts. Secondly, a man-in-the-middle attack could intercept conversations and possibly alter information. Lastly, a third party, like Booking.com’s partners, may be compromised, giving scammers administrative access to the chat function.
To safeguard customer data, Booking.com and other platforms have dedicated teams that oversee account security. They use custom tools to monitor, block, and detect suspicious activities around the clock. Traveloka, a popular travel startup, follows a similar approach. They closely monitor bad actors impersonating their platform and collaborate with relevant parties to take them down.
With scammers continually evolving their tactics, it’s essential for consumers to stay vigilant. Booking.com and Traveloka both emphasize that they will never request credit card details via text messages or email. If you receive a suspicious payment message, it’s crucial to verify the accommodation’s payment policy on the property listing page or contact customer service immediately.
Traveloka also advises customers to make bookings only through their website or app and not to click on links to provide personal information or account details. Mr. Lim further emphasizes the need to exercise caution, especially if a message appears urgent or unusual. Scammers often aim for quick returns, so any message demanding immediate action should be approached with skepticism.
(Source: Aqil Hamzah | The Straits Time | Today)
