Booking.com breach exploited to send fake hotel payment demands to UK guests using real booking details
Impersonating: Booking.com
What is this scam?
Following a breach of hotel-partner accounts on Booking.com in April 2026, fraudsters obtained guest names, email addresses, phone numbers, check-in dates, and booking reference numbers. Scammers are using this data to send convincing phishing messages impersonating hotels — via the Booking.com messenger or copycat emails — demanding urgent card re-verification or an additional payment to secure the reservation. Because the messages reference the guest's actual booking details, they are highly credible and difficult to identify as fraudulent. The NCSC and Action Fraud have both flagged the tactic; payment and full card data were not taken in the breach itself, but victims who click and pay lose real money.
Example scam message
Red flags to look out for
- The message creates urgency — threatening a fine, missed delivery, or account closure.
- Links lead to unofficial domains that don't match the real company's website.
- You weren't expecting this message and can't verify the event it references.
- It asks you to confirm payment details or personal information via a link.
- The sender's number or email address doesn't match the company's official contact.
What to do if you receive this
- Do not call any numbers or click any links in the message.
- Log in to your account directly via the official website or app to check for any real alerts.
- Forward the message to 7726 or email report@phishing.gov.uk.
- Report it to Action Fraud at actionfraud.police.uk.
Not sure if your message is a scam?
Check it instantly with our free AI-powered detector.
Check a message nowSource: Action Fraud