Skip to main content
  1. Home
  2. Computing
  3. News

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Watch out for this phishing scam impersonating Booking.com

Add as a preferred source on Google
Woman pulling out credit card in front of laptop.
Image used with permission by copyright holder

If you work in hospitality and find an email in your inbox from Booking.com claiming to be an angry guest, then watch out — it may well be part of a phishing scam. Microsoft has warned that a phishing campaign has been underway sending fake emails from Booking.com which lead users to download malicious software.

In a blog post about the issue, Microsoft Threat Intelligence writes that this is an ongoing campaign which has been around since December last year, and uses a social engineering technique called ClickFix. The victim receives an email which appears to come from Booking.com and which can vary widely in its content — from guest complaints to requests for information from potential guests to account verification — and which includes a link (or attaches a PDF with a link) that claims to take the user to Booking.com to deal with the issue.

Recommended Videos

When users click on the link, they see a screen which appears to be a CAPTCHA overlay over a Booking.com page, but the CAPTCHA actually instructs the user to open up Windows Run and copy and past a command which downloads malware onto their system.

Once installed, the malware can steal financial data and credentials, a technique which Microsoft identifies as in line with a previous phishing campaign by a group it calls Storm-1865.

Phishing scams are unfortunately not unusual today, however this is a fairly sophisticated version which takes advantage of hospitality workers’ worries about guest satisfaction. To protect yourself from this and other phishing attempts, Microsoft advises users to check the sender’s address on a email, to be wary of messages about urgent threats, and to hover over links to see the full URL before clicking on them. When in doubt, go directly to the service provider — in this case, by going straight to Booking.com — rather than clicking on a link.

Update 03/14/25:

Booking.com provided the following statement:

“Unfortunately, phishing attacks by criminal organizations pose a significant threat to many industries. While we can confirm that Booking.com’s systems have not been breached, we are aware that unfortunately some of our accommodation partners and customers have been impacted by phishing attacks sent by professional criminals, with the criminal intent of taking over their local computer systems with malware.

“The actual numbers of accommodations affected by this scam are a small fraction of those on our platform and we continue to make significant investments to limit the impact on our customers and partners.

“We are also committed to proactively helping our accommodation partners and customers to stay protected. We also provide ongoing cybersecurity education and resources to our partners to enhance their defenses against such threats.

“Should a customer have any concern about a payment message, we ask them to carefully check the payment policy details on their booking confirmation to be sure that the message is legitimate. Customers are also encouraged to report any suspicious messages to our 24/7 customer service team or by clicking on ‘report an issue’ which is included in the chat function.

“It is important to note that we would never ask a customer to share payment information via email, chat messages, text messages, or phone.We urge our customers and partners to remain vigilant. If you encounter any communication that seems suspicious or requests sensitive information through unofficial channels, please do not engage. Report it immediately to our customer service team through official Booking.com channels. Our Trust and Safety Resource Center offers additional guidance on recognizing and avoiding phishing attempts.”

Georgina Torbet
Georgina has been the space writer at Digital Trends space writer for six years, covering human space exploration, planetary…
Anthropic confirms Claude acts differently depending on your language and which model you pick
A new study shows Claude's isn't nearly as consistent as you might assume.
Claude app on iPhone

If you've ever felt like Claude gave you a completely different vibe on one day than another, you weren't imagining it. Anthropic just published research confirming that its chatbot's personality shifts depending on which model you pick and which language you type in, and the pattern is consistent enough that it's worth knowing before you ask your next question.

The model you pick decides how Claude responds

Read more
This website is a goldmine if you love Mac menu bar apps
Discover hundreds of menu bar apps, from tiny utilities to powerful productivity tools, all in one place.
MacMenuBar website open on Mac

The menu bar is the most underrated part of macOS. It sits quietly at the top of your screen, and most people never do anything with it other than checking the time and battery percentage. But if you find the right apps, that thin strip becomes the fastest way to get things done on your Mac.

The problem is finding those apps. The Mac App Store is not great at surfacing them, and hunting through random blog lists is a chore. And while I have shared my favorite Mac utilities that include menu bar apps like Supercharge and CleanShot X, there’s an even better place to find the best apps for your Mac’s menu bar.

Read more
How to install macOS 27 Golden Gate public beta on your Mac?
From a smarter Siri to a more reliable Spotlight, here's your full walkthrough for installing macOS 27 Golden Gate's public beta today.
macOS 27 Golden Gate

Along with iOS 27’s public beta, Apple has also released macOS 27 Golden Gate’s public beta build, so that early adopters can get their hands on the new features, including Siri AI, and provide timely feedback to help ensure a stable iOS launch in September. 

If you’re sold on all the new features but don’t want to put your faithful MacBook through developer beta duty, a public beta offers a much more refined experience. To install macOS 27’s public beta, follow the steps given below. 

Read more