Overview
- Security researchers and consumer experts report a surge in highly convincing messages that reference real reservations and pose as hotels, booking sites or airlines.
- New reporting describes a 'reservation hijack' tactic that either imitates official branding or uses hacked hotel or partner accounts to contact guests inside trusted platforms.
- Messages often claim a payment failed or a booking is at risk to trigger quick action, which leads people to fake pages that capture card or login details.
- Action Fraud figures show 532 Booking.com-related reports in the UK between June 2023 and September 2024 with losses of about £370,000 and roughly £700 per victim on average.
- Travellers are urged to check bookings only through official apps or websites, avoid clicking links, forward suspicious UK texts to 7726 to help block numbers, contact their bank fast if they shared details, and change passwords.