Booking.com Scam UK: How to Spot Fake Booking Emails and Protect Your Holiday
Scammers are sending convincing fake Booking.com emails to steal your holiday plans and your money.
What is this scam?
Booking.com scams involve fraudsters impersonating the travel booking platform to trick you into revealing payment details, passport information, or login credentials. The scammer typically sends an email that looks like it comes from Booking.com, claiming there is a problem with your reservation, a payment has failed, or your account needs urgent verification. The email contains a link to a fake website that closely mimics the real Booking.com, where you are asked to log in or re-enter your card details.
Once you provide this information, the scammer has access to your account, can make fraudulent bookings, or sell your data to other criminals. Some variants ask you to call a number or click a link to 'confirm' your booking, leading to further fraud. This scam is particularly effective because people are often anxious about their holiday plans and act quickly without checking the email carefully.
Warning signs to look for
- The email address does not match Booking.com's official domain (check for slight misspellings like 'booking-confirm.com' or 'bookings.co.uk').
- The email creates urgency by claiming your payment failed, your booking is at risk, or your account will be closed unless you act immediately.
- You are asked to click a link and log in or enter your card details on a page that looks similar to Booking.com but has a different URL.
- The email contains poor grammar, spelling mistakes, or awkward phrasing that does not match Booking.com's professional tone.
- You did not initiate the action described in the email (you did not request a password reset, for example).
- The email asks for sensitive information like your full passport number, date of birth, or card CVV in the body of the email itself.
- Links in the email do not match the text they display (hover over the link to see the real URL before clicking).
- The sender's name or signature looks generic or does not match Booking.com's standard format.
How this scam works step by step
The scam typically begins with a phishing email that appears to come from Booking.com. The email might claim your payment method has expired, your booking needs confirmation, or there is suspicious activity on your account. The subject line is designed to trigger panic—for example, 'Urgent: Confirm Your Booking' or 'Payment Failed—Action Required'. You click the link in the email, which takes you to a fake website that looks almost identical to the real Booking.com. The site asks you to log in with your email and password, or to re-enter your payment card details.
Once you submit this information, the scammer captures it. They can then log into your real Booking.com account, make bookings in your name, change your payment method, or access your personal data including passport details and address. Some scammers also sell stolen credentials to other criminals. In other variants, the email asks you to call a phone number to 'verify' your booking, and the person on the line tricks you into revealing card details or downloading remote access software. By the time you realise something is wrong, the fraudster has already made purchases or sold your data.
How to verify if it is genuine
If you receive an email claiming to be from Booking.com, do not click any links in the email. Instead, open your web browser and go directly to Booking.com by typing the address yourself or using a bookmark you created previously. Log into your account and check your bookings and messages directly within the site. Genuine Booking.com emails will always come from an address ending in '@booking.com'—check the sender's full email address carefully, not just the display name.
You can also hover over any link in the email (without clicking) to see the real URL it points to; if it does not match Booking.com's official domain, it is a scam. If you have an active booking, log in to your Booking.com account to see if there are any genuine messages or alerts there. Booking.com will never ask you to confirm your password, card details, or passport information by email or by clicking a link.
If you are unsure, contact Booking.com directly through their official website's help centre or call their customer service number listed on your booking confirmation or their official website. Never use contact details from the suspicious email.
What to do if you have already interacted
If you clicked a link and entered your Booking.com login details, change your password immediately by logging into the real Booking.com website directly (not via any email link). Use a strong, unique password that you have not used elsewhere. Check your account for any unauthorised bookings or changes to your payment method, and delete any payment cards you no longer recognise. If you entered your credit or debit card details on the fake site, contact your bank immediately using the number on the back of your card or the number on your official bank statement.
Ask your bank to cancel the card and issue a replacement, and request they monitor your account for fraudulent transactions. If you provided your passport number or other identity information, consider registering with Action Fraud and monitoring your credit file through a service like TransUnion or Experian to watch for identity theft. Do not make any payments or bookings through Booking.com until you are certain your account is secure. If money has already been taken from your account, your bank may be able to reverse the transaction, but this depends on how quickly you report it.
Reporting this scam in the UK
Report the scam to Action Fraud, the UK's national fraud reporting service, by calling 0300 123 2040 or visiting their website. Provide them with the email address the scam came from, the fake website URL, and details of any money lost. Forward the suspicious email to the NCSC Suspicious Email Reporting Service at report@phishing.gov.uk—this helps the NCSC take down fake websites and block similar scams. If you received the scam as a text message, forward it to 7726 (spells 'SPAM').
Report the phishing email to Booking.com directly by forwarding it to their abuse team; you can find their contact details on the official Booking.com website. If your bank account or card was compromised, also report the fraud to your bank's fraud team immediately. Contact Citizens Advice on 0808 223 1133 if you need support understanding your rights or next steps. Keep copies of all emails, screenshots, and correspondence for your records, as you may need these for your bank's investigation or for Action Fraud.
Frequently asked questions
Is Booking.com a legitimate company?
Yes, Booking.com is a real, well-established travel booking platform used by millions of people worldwide. However, scammers regularly impersonate Booking.com in emails and fake websites because the brand is trusted. Always verify emails by logging into your real Booking.com account directly, not by clicking links in emails.
What should I do if I have already sent money to the scammer?
Contact your bank immediately using the number on the back of your card and report the fraud. Your bank may be able to reverse the transaction if you report it quickly, especially if the money has not yet been withdrawn by the scammer. Also report the scam to Action Fraud on 0300 123 2040 and ask your bank to monitor your account for further fraudulent activity.
Can I get my money back if I paid through a fake Booking.com website?
This depends on how you paid and how quickly you report it. If you used a debit card, your bank may be able to reverse the transaction within a certain timeframe. If you used a credit card, you may have stronger protection under chargeback rules. Contact your bank immediately—the sooner you report it, the better your chances of recovery. However, if the scammer has already withdrawn the money, recovery may not be possible.
How do I report a Booking.com scam email?
Forward the email to the NCSC Suspicious Email Reporting Service at report@phishing.gov.uk, and also report it to Action Fraud on 0300 123 2040. You can also report the phishing email directly to Booking.com through their official website. If you received it as a text, forward it to 7726. Provide as much detail as possible, including the sender's email address, the fake website URL, and the date you received it.