Dear Which?,
I recently booked a hotel in Spain via Booking.com.
Later that day, I received an email purporting to be from the hotel. It said that due to new security regulations, it was no longer legal to hold credit card information without consent. It said, therefore, that I needed to confirm my details via a link. I clicked on the link and provided the information requested.
Around three weeks later, I received an email from Booking.com asking if I had received a suspicious email or phone call since making a booking and if I had clicked on any links.
I have now cancelled my credit card, and hope to hear no more about it. But it would be useful to know what happened.
Could you assist?
Mary WoolleyTali Ramsey, Which? researcher says:The card confirmation email you clicked on was sent by a fraudster in an attempt to obtain your details, so you’ve done the right thing by cancelling your card.
However, shortly after this message you received another email from the hotel asking you to pay in full before your arrival. The message also contained a link to make a payment. Naturally, you were suspicious, but when you called the hotel to ask if the message was genuine, it confirmed it was.
When we contacted Booking.com it said that the hotel had been hacked. It told us: ‘While the security breach wasn’t on Booking.com, the accounts of some of our accommodation partners were affected.
‘These accounts were quickly blocked by Booking.com and our teams are supporting accommodation partners to ensure they can quickly and safely resume their listings.’
Need to know
source https://www.which.co.uk/news/article/scamwatch-fraudsters-posed-as-my-hotel-to-get-my-bank-details-aWoVa0i12Pog