A new cyber threat facing hospitality businesses using Booking.com

If your business uses the Booking.com platform, you need to be aware of a new cyber threat that’s just emerged.Booking.com are aware of the issue and it is being investigated, but you need to be vigilant.

At the moment we know that:

• Fraudsters are inserting a new booking reply template into the hotels booking.com account which tells guests their payment has failed just after booking and offers a link to make payment a second time.
• The problem appears to be affecting businesses which use OTA's and other online distribution partners.
• If the fraudulent templates are deleted, they may reappear. The fraudsters are using a script to push new versions into the extranet.

Until the issue is resolved please be very cautious. This attack is convincing and has the potential to damage your reputation. We recommend that you take the following steps as a matter of urgency:

1. Log in to the Booking.com platform.
2. Check the templates in the extranet. If there’s a new one, remove it.
3. Check again throughout the day. We recommend repeating the checks every thirty minutes, including throughout the night. 

If you discover an incident:

1. Please report it immediately to Booking.com. Give them your hotel’s ID
2. Use the Booking.com platform to message any affected guests.  We suggest, "Dear Guest, You may have received a fraudulent email via Booking.com, please ignore the email. Should any further action be required,Booking.com will be in touch directly."
3. You may also consider changing passwords on the Channel Manager or CRS.

Protect your hotel from cybercrime

Criminals are targeting every sector, but you don’t have to make things easy for them. A few basic procedures, along with an alert and aware staff, will go a long way to keeping your business safe and your reputation intact.

We’ve produced a Standard Operating Procedure for users of Booking.com. It’s effective and easy to follow and effective, mitigating much of the risk of an attack. Click here if you’d like a copy.

Alternatively, if you’re interested in learning more about cybersecurity in hospitality – or in any other sector – please call us. We’re passionate about helping businesses defeat this menace.

Request your Standaard Operation Procedure document here