Avoid Falling Prey To This Troubling Hosting Scam That's Exploding On Sites Like Booking.com

Today, planning a great vacation without stress has become easier than ever thanks to platforms like Booking.com. However, with that convenience, travelers have seen the resurgence of an already too-common travel scam: phishing. And, with the rise of artificial intelligence, these scams are becoming even more sophisticated, harder to detect, and far more frequent.

Phishing scams on Booking.com typically involve cybercriminals gaining access to legitimate hotel accounts or impersonating them through look-alike profiles or messaging systems. Once inside, they send realistic messages to travelers — often via Booking.com's own messaging platform — urging them to reconfirm payment, submit credit card details, or even transfer funds through third-party links. Because the messages appear to come from a confirmed reservation or a real property, many travelers don't think twice before complying. In fact, according to the firm's internet safety boss, Marnie Wilking, there has been "anywhere from a 500 to a 900% increase" in scams in the past 18 months — especially related to phishing. "Of course, we've had phishing since the dawn of email, but the uptick started shortly after ChatGPT got launched," she said in conversation with the BBC.

A Booking.com spokesperson even stated that there have been instances where phishing emails hacked certain accommodation partners, leading criminals to impersonate the true owner of the account (in this case, the actual hotel or property) and communicate with guests directly through messages. To make matters worse, hackers don't necessarily need to break into Booking.com itself. Sometimes, compromising an individual hotel's email or dashboard login is enough. Once inside, they can use the legitimate Booking.com interface to send fraudulent messages that look no different from real ones.

Before artificial intelligence (AI), a way to quickly spot phishing attempts was poor grammar and spelling. However, generative AI can now create flawless, well‑formatted phishing emails with proper grammar, tone, and branding — making them almost indistinguishable from genuine messages. To top it off, AI also enables fully automated phishing campaigns, like cloning full websites, that rival human‑quality attacks. In some cases, AI-generated responses are even used to engage with guests in back-and-forth chats, gaining the potential victim's trust before delivering the final fraudulent request.

So, how can you protect yourself? First, never submit payment through links sent via chat, as Booking.com does not typically request payments through its internal messaging system. Also, make sure you double-check all email addresses and URLs. Scammers often use domains that closely resemble official ones, with small character swaps that can be easily missed (like "Booklng.com" instead of "Booking.com"). 

Additionally, if anything feels off, try Googling the accommodation's phone number and call them directly. However, if you happen to see a phone number in the potentially fraudulent email, don't call that one as it might be the scammer's number. Similarly, don't rely solely on in-app messaging — especially if you're being asked to act quickly or urgently. Finally, make sure you always use a credit card (not debit) when making payments. It offers stronger fraud protection in case your information is compromised.