Huge phishing scam on Booking.com: Hungarian users lost immense amounts of money

A recent wave of phishing attacks targeting Booking.com users in Hungary has resulted in significant financial losses, with cybercriminals stealing approximately HUF 177 million (roughly EUR 440,000) over a three-month period. The scam, which exploits the trust users place in the popular accommodation booking platform, has prompted warnings from both law enforcement and Booking.com itself.

As 24.hu reports, the fraudsters’ stealing method involves sending emails that appear to be from legitimate accommodation providers. These messages contain links to websites that closely mimic Booking.com‘s interface. Under the guise of “information verification,” unsuspecting victims are asked to provide their credit card details and booking amounts. The scammers then trick users into “confirming” their bookings with a code, which actually authorises a fraudulent transaction, effectively charging the victim twice for their reservation.

Booking.com users scammed

According to police reports, between November 2024 and January 2025, 112 Hungarian users filed complaints or reports after falling victim to these fraudulent activities, HVG writes. The breakdown of the incidents is as follows:

• November 2024: 54 criminal proceedings initiated, with damages totalling HUF 32,308,778 (EUR 80,555).
• December 2024: 36 criminal proceedings, with losses amounting to HUF 136,695,333 (EUR 340,820).
• January 2025: 22 criminal proceedings, resulting in HUF 7,982,718 (EUR 19,902) in damages.

On average, victims lost approximately HUF 1.58 million (EUR 3,940) per incident. The police have launched investigations into these cases and are working with Booking.com to gather more information.

Booking.com has stated that their systems were not breached. However, they acknowledged that a small number of their accommodation partners fell victim to sophisticated phishing emails, which in some cases led to unauthorised access to their Booking.com accounts. This allowed the fraudsters to impersonate legitimate hosts and deceive guests.

To combat these malicious activities, Booking.com employs AI and machine learning technologies to detect and prevent suspicious activities. The company has also set up a cybersecurity advisory centre for hosts to report any concerns.

Both the police and Booking.com have issued guidelines to help users protect themselves:

1. Always access the website through its official app, not via email links.
2. Verify the sender’s email address before clicking on any links.
3. Check that the website uses HTTPS protocol and review its security certificates.
4. Avoid initiating online banking transactions on unfamiliar websites.
5. Keep antivirus software active on all devices.
6. Refrain from installing programmes at the request of others, as scammers often disguise malware as security solutions.
7. Review comments and feedback about the website.

Users who suspect they have fallen victim to fraud are urged to report the incident to the police immediately, even if no financial loss occurred. Reports can be made in person, through the police website, or by calling the toll-free number 06-80-555-111, which is available 24/7, HVG writes.

Related articles:

• Serious problems with Booking.com: Hungarian accommodation providers outraged
• Breaking: Booking.com receives record fine in Hungary

Featured image: depositphotos.com