During a recent journey, I reserved an airport hotel for a stopover in Jakarta. I made the booking through Booking.com, choosing the option that allows automatic payment from my card a few days prior to my arrival.
A week prior to the journey, I got a WhatsApp message that claimed to be from the Jakarta airport hotel. It had a profile picture resembling a staff member, and the message contained my full name, my reservation code, and the dates of my stay.
The message stated that in order to keep my reservation “secure,” I had to confirm certain details. It instructed me to click on a link, where I would be asked to temporarily verify my payment method, but would not incur any charges.
The notification informed me that if I didn’t finish this procedure within 24 hours, the system could potentially cancel my reservation on its own.
Lately, warnings have begun to show up on the Booking.com website, reminding users to stay cautious about phishing and email spoofing.
Fortunately, I had noted these warnings and was aware of the indicators: requests to click on links and urging you to act within a short time frame are classic.
I adhered to Booking.com’s rules and flagged the questionable message, and the next day I received a phone call informing me that it wasn’t sent by the hotel and I was advised to remove it.
While I was comforted regarding my imminentstay, I remained uneasy about the extent of personal information the scammer had obtained regarding my reservation.
This year, the consumer protection organization Which? published a detailed report revealing numerous frauds and security problems on Booking.com. It appeared that my phishing message was merely the beginning of a much larger problem.
The increase in fraudulent listings on Booking.com
Booking.com is a global giant that processes over a billion bookings annually, competing with Airbnb to dominate the holiday accommodation market.booking sites.
Which?’s inquiry discovered that a significant part of its popularity stems from the simplicity with which businesses and property owners can publish their listings.
The watchdog tested the procedure and managed to generate a list ofholiday homein under 15 minutes.
We didn’t have to prove our identity. And, unlike when you list your home on Expedia’s Vrbo – or onAirbnb“Last time we attempted it – there was no requirement to present a driver’s license or passport,” states senior researcher Trevor Baker.
Although this could contribute to Booking.com’s achievements, it also enables fraudulent activities on the platform.
A 2024 study conducted by Which? revealed that numerous individuals had reported financial losses due to fraudulent listings within a short period.
Booking.com removed the listings highlighted by Which?, stating that these were simply property owners who had “failed to turn off availability when the accommodation was closed or temporarily unavailable.”
But when the investigators came back a few months later, they discovered even more properties featuring hundreds of negative reviews cautioning that theaccommodation was a scam.
Travelers claimed they arrived at locations that didn’t exist, forcing them to search urgently for other places to stay. Afterwards, many faced difficulties in obtaining a refund from Booking.com.
Fraudulent listings persist by concealing negative feedback
The lodging platform informed Which? that it limits new hosts from taking payment bookings until they are verified to eliminate fake listings.
“It is true that we couldn’t accept advance payment for the listing we created; we needed some reservations and feedback first. However, this isn’t a major obstacle for someone with malicious intent,” says Baker.
If a scam listingsucceeds in passing unnoticed, it frequently continues to deceive visitors due to Booking.com’s rating system.
“Clicking on a vacation rental in the heart of Podgorica, Montenegro, would give you confidence through its 6.4 score, which Booking.com describes as ‘pleasant’,” notes Baker.
The initial two reviews displayed to you label it as ‘superb’ (9/10) and ‘good’ (7/10). Nevertheless, you would require keen vision to realize that Booking.com is presenting reviews it has arbitrarily chosen as the ‘most relevant’.
Alternatively, if you change your settings to view ‘newest’ listings, you’ll find that out of the last 12 reviewers, 10 have labeled it as a ‘con’, ‘scam’, and ‘a nightmare’.
Under pressure from Which? last year, theaccommodationThe site mentioned it planned to update its system to highlight newer reviews. However, at the moment, reviews are still defaulting to ‘most relevant’.
Messages that ask to verify bookings
Then there’s what occurred to me. Other travelers have also mentioned getting emails, WhatsApp messages, or even messages through Booking.com’s own messaging system asking for confirmation of a booking.
Certain messages prompt you to click a link for ‘verification purposes,’ while others directly request payments.
Many have a time constraint, meaning that even if you reach out to Booking.com regarding the message, you might not receive a response before the deadline, leading you to feel compelled to make the payment.
The reality that fraudsters have managed to exploit Booking.com’s legitimate messaging systems is especially concerning.
“When we investigated Airbnb“Frauds in 2017, we were sure about informing people that they would be safe provided they only used Airbnb’s messaging system,” says Baker.
Booking.com is different. If the hotels or hosts on its platform have been compromised, it may be challenging to determine whether the message you receive is truly from the hotel or a fraudster.
Booking.com is using artificial intelligence to combat fraudsters
During the inquiry, Which? obtained accounts from users who had lost hundreds of euros. For certain individuals, entire vacations were ruined. Most received reimbursements only after Which? stepped in to assist them.
So, how is Booking.com striving to enhance user safety? It’s looking towardsAI.
“We are consistently investing heavily and utilizing the most recent AI and machine-learning methods to detect and prevent questionable behavior at the earliest possible moment,” a representative states to Euronews Travel.
This innovation enables us to examine traffic trends, identify irregularities, and prevent potentially harmful actions from reaching our users.
Several proprietors have also mentioned that the platform enhanced its security measures for hotels and hosts in the previous year.
They now have to follow a two-step procedure, referred to as two-factor authentication (2FA), in order to access their accounts and messages, making it significantly harder for hackers to breach these accounts.
Guests may also enable 2FA, although users have encountered problems with it.
As per Which?, there is still a significant journey ahead.
Booking.com’s inability to block harmful links, remove ‘scam’listingsand – until recently – required 2FA for hosts indicates a lack of concern for users’ safety,” the report states.
The choice to display the so-called ‘most relevant’ reviews rather than ‘most recent’ was strange. We acknowledge that it is safer compared to last year. However, in our opinion, it has been too slow in recognizing how easily its tools have been utilized by fraudsters to steal funds.
jasdooit 
Leave a comment