Booking.com under attack: The unseen threat to Australia’s accommodation sector
The $337K scam surge: Online fraudsters target Aussie hotels
The Australian accommodation industry has become a devil’s playground for online scammers, with a disturbing surge in internet fraudsters exploiting fake Booking.com links to swindle both guests and providers. This alarming trend has transformed what should be a trusted digital marketplace into a breeding ground for financial loss and reputational damage.
According to the Australian Competition and Consumer Commission (ACCC), reports of scams linked to Booking.com skyrocketed in 2023, resulting in Australians losing more than $337,000. The scale of these scams is unprecedented, and the consequences are devastating.
The Winter Issue of AccomNews is out now. Read it HERE
Cybercriminals have infiltrated the Booking.com accounts of some accommodation providers, using their access to send fraudulent messages to guests, demanding sensitive credit card information. These scammers are not just targeting individual bookings; they’re creating fake listings for legitimate properties, siphoning off funds directly into their own accounts.
Sam Steel, co-founder of leading accommodation software Resly, warns that the Australian accommodation industry must unite to combat this escalating threat. “If all Australian accommodation providers adopt robust security measures, we can fight back against these relentless attacks,” Mr Steel said. “A coordinated defence could make Australia a fortress too tough for scammers to breach, forcing them to move on.”
“The tactics employed by these fraudsters are alarmingly sophisticated. I’ve seen landing pages that look identical to Booking.com or Agoda, sent via email or text to guests, claiming their payment was declined,” Mr Steel said.
“If I weren’t familiar with these scams, I could easily fall victim and hand over my details.”
For scammers to execute these deceptions, they need access to the hotel’s systems—whether it’s the reception desk computer or other internal networks. “Protecting your systems is the first and most crucial step in safeguarding both your business and your guests from these attacks,” Mr Steel emphasised.
Fortunately, there are straightforward yet powerful measures that every accommodation provider can implement to bolster their defences. “One of the simplest is two-factor authentication,” Mr Steel advised. “This adds an additional layer of security, making it nearly impossible for someone to access your systems without also having your mobile phone.”
Despite its effectiveness, two-factor authentication is often met with resistance. “We hear complaints about the extra 10 seconds it takes to receive a text message with a code,” Mr Steel said. “But that minor inconvenience is a small price to pay for the security of your brand, your business, and your guests.”
Another common vulnerability is phishing emails, which often target generic info or reception inboxes. “These emails may prompt users to ‘reset your password’ or ‘download a file,’ tricking unsuspecting staff into granting access to the system,” Mr Steel explained.
“It’s critical that staff are trained to pause and question the legitimacy of these requests.”
The consequences of falling victim to these scams can be catastrophic. “Once scammers gain access to your system, they can cause irreparable damage—often without you even knowing until it’s too late,” Mr Steel warned. “These scams are not only draining guests’ bank accounts but also threatening the very survival of accommodation businesses across Australia.”
The scale and sophistication of these cyberattacks have reached a point where even credit card processing companies and banks are struggling to keep up, often pushing back against reimbursing victims. “The reality is that scammers are ruining businesses and stealing from guests simultaneously,” Mr Steel said. “Accommodation providers must be the first line of defence because prevention is always better than cure.”
Mr Steel can’t emphasise enough the importance of vigilance and regular staff training in maintaining robust security practices. “In an industry with high staff turnover, it’s essential to continuously educate employees about the dangers of phishing emails and the importance of logging out of systems when they’re not in use,” he said. “You can never be too cautious when it comes to protecting against scammers.”
To combat these scams, Mr Steel and his team regularly report fraudulent landing pages to platforms like Booking.com, ensuring they are taken down swiftly. However, the ACCC advises Booking.com users to take additional precautions: contact properties directly by phone and remain suspicious of any links received via messages or emails.
The ACCC’s Scamwatch program reported 363 cases of scams mentioning Booking.com in 2023—a staggering 600 percent increase from the previous year.
Queensland University of Technology Professor Cassandra Cross highlighted that the success of these scams lies in the widespread practice of online booking. “We are all expected to be on these platforms booking and putting in our credit card and personal information,” she said. “That is what offenders know that we do, and that is why they are popular and really quite effective.”
A spokesperson from Booking.com expressed regret over the situation, stating that the company’s top priority is ensuring its platform remains “safe, secure, and trustworthy”. “Every week, we facilitate millions of stays, with the vast majority taking place without any issues,” the spokesperson said.
The National Anti-Scam Centre’s tips to stay safe from online scams include:
- Independently verify emails by contacting the property directly.
- Contact the organisation using a phone number you have sourced yourself—never one provided in an email or text.
- Use the organisation’s app to securely access your account, verify messages, and enable two-factor authentication.
- Be aware that customer service representatives will never ask for your account password or credit card information over the phone.
Grantlee Kieza OAM has won three Queensland Media Awards, two Australian Sports Commission Awards and has been a finalist for the Walkley and News Awards and for the Harry Gordon Award for Australian sports journalist of the year. In 2019 he received the Medal of the Order of Australia for his writing. You can find more of his work in our AccomNews & Resort News print magazines.
He has written 22 acclaimed books, including bestsellers Hudson Fysh, The Kelly Hunters, Lawson, Banks, Macquarie, Banjo, Mrs Kelly, Monash, Sons of the Southern Cross and Bert Hinkler.