177 million forint fraud in Booking.com system – this is how Hungarian travelers are being scammed

How did the fraud work?

The fraudsters used a sophisticated method: first, they deceived the accommodation providers with phishing emails, gained access to their accounts, and then sent fake notifications to guests via the official messaging function of the Booking system. The messages warned travelers that their reservation “requires immediate processing” or would be canceled if they did not.

The affected guests clicked on a link and were taken to a website that looked very similar to the official Booking interface. Here, they were asked to enter their bank card details and a confirmation code received by SMS. The passengers thus unwittingly transferred the money to the fraudsters’ bank account, and not to the real accommodation.

A journalist was also targeted

A journalist from 24.hu was also tried to be scammed by fraudsters. He booked a Spanish accommodation back in November, but in January he received a suspicious message from the accommodation provider. The message stated that his reservation required immediate processing and that he should contact the accommodation at a specified email address. The journalist initially responded to the letter, but due to the later, increasingly suspicious instructions, he recognized the fraud in time and did not fall victim.

Reaction of Booking and the police

When contacted by 24.hu, Booking.com stated that their system had not been hacked, but that some of their accommodation partners had fallen victim to phishing attacks, which resulted in unauthorized access to their accounts. This allowed the fraudsters to send authentic-looking messages to guests from within.