Other information and services of the government: www.belgium.be   Logo van de Belgische federale overheid

Thinking of booking your summer holidays? Beware of fraudulent messages appearing to come from booking platforms

In recent months, a number of people have fallen victim to phishing attacks when booking their holidays on online booking platforms.

Some Booking.com customers, for example, have been victims of fraud after hackers took possession of the e-mail accounts of some of the hotels and accommodation offered on the site.

Customers have received an email appearing to come from Booking.com explaining that payment for their booking has not been completed successfully or that they need to check their payment details. Warning: this is a scam. The Booking.com email address may have been used by pirates (spoofing technique).

This scam has also appeared via the Booking.com mobile application, where the so-called hotel asks for bank verification by clicking on a link in a message sent directly to the customer's account.

Customers were therefore encouraged to make a new payment or provide their bank details or risk having their booking cancelled.

How do you unmask such a message?
  • The emails appear to come from Booking.com's official address, noreply@booking.com, and contain all the correct information about your trip: destination, dates, etc. The scam is therefore very difficult to unmask. So it's not Booking.com or the hotel that contacts you, but a scammer.
  • The tone of the e-mail should alert you. Scammers use a convincing tone of voice and stress the urgency of the situation, otherwise your booking will be cancelled. A hotel or Booking.com would never use this tone.
  • Be careful about language and spelling mistakes.
  • Always be wary when you are asked to repeat a payment. In addition, any message asking you to verify your bank details is a scam. Even your bank will never ask you for this information.
What should you do if you receive this type of email?
  • Never pay via a link in an e-mail, WhatsApp message or text message.
  • Check your reservation via your personal account on Booking.com. You will see directly if a payment is expected from you.
  • If in doubt, contact Booking.com or the hotel directly to check the veracity of the message. Do not use the contact details contained in the message but check the details on the booking.com or hotel website.
  • You can forward fraudulent e-mails or messages to suspicious@safeonweb.be.
  • Check the reliability of a website with the Safeonweb browser extension. It tells you, for each website you visit, whether the owner has been validated (green) or not (orange).

Websites whose owner has not been validated (orange) should be reserved for reading. Share personal and sensitive information only on validated websites (green). Malicious or insecure websites are marked in red.

Find out how to install the extension at https://safeonweb.be/en/safeonweb-browser-extension.

Too late, you've been swindled?
  • If you have lost money or been the victim of extortion, we advise you to report it to the police. You can report it to the local police where you live. 
  • Contact your bank and/or Card Stop on 078 170 170 if you have passed on banking information, if money is disappearing from your bank account or if you have transferred money to a fraudster. This way, any fraudulent transactions can be blocked.