Over the past twelve months, Booking.com has become one of the favourite playgrounds for scammers targeting British holidaymakers. Action Fraud recorded hundreds of reports, Which? tracked thousands of pounds in losses, and the stories keep coming: families turning up to non-existent cottages in Cornwall, stag parties stood in empty car parks in Edinburgh, and couples handing over thousands via dodgy payment links. The platform itself isn’t fraudulent, but fake listings, hacked hotel accounts, and slick phishing messages all look legitimate because they arrive through Booking.com’s own systems.
The losses are real. Between summer 2023 and autumn 2024 alone, Action Fraud logged 532 reports of holiday booking fraud linked to the site, with victims out of pocket by £370,000 collectively. In the first half of 2025 Which? received more than forty fresh complaints, with individual losses ranging from £45 to over £4,000. The scams have evolved quickly, helped along by AI tools that let crooks write perfect English and generate convincing property photos in minutes.
So what exactly is going on, and, more importantly, how do you make sure it doesn’t happen to you?
The Main Types of Scam Doing the Rounds
Fake listings remain the simplest and most brutal trick. A scammer creates a listing for a luxury flat, coastal cottage or boutique hotel that simply doesn’t exist. They steal or AI-generate photos, set an unrealistically low price, and wait. Victims book, pay through the platform (so it feels safe), then arrive to find an empty field or a bemused resident who has never heard of Booking.com. Because the money has already gone through the official channel, getting it back can be a nightmare.
Phishing through the platform’s messaging system is even more common now. Criminals compromise a genuine hotel or apartment owner’s account and send messages to upcoming guests. The messages look identical to normal Booking.com notifications: “Your reservation needs confirming”, “Please pay the tourist tax now”, or “Your card was declined, click here to update”. The link leads to a perfect copy of the Booking.com payment page where your card details are harvested instantly.
Account takeovers are the third big problem. Scammers get into your personal Booking.com account (often because two-factor authentication is off), cancel your booking without you knowing, and sometimes relist the same dates at a higher price to pocket the difference.
Why It’s Getting Worse
Booking.com’s head of trust and safety admitted earlier this year that they have seen a 500–900% increase in attempted travel scams since late 2022, largely because generative AI has removed the old tell-tale broken English that used to flag messages as suspicious. At the same time, the platform’s review system still defaults to “most relevant” rather than “newest first”, which buries recent one-star warnings about fake listings. Campaigners and consumer groups have been complaining about this for years, but the setting remains unchanged.
Your 12-Step Defence Plan
The good news is that almost every successful scam relies on the victim breaking one or more basic rules. Follow these steps every single time you book and the risk drops to near zero.
- Never pay outside the platform. If anyone asks for a bank transfer, Revolut, PayPal Friends & Family, crypto or a random link, it is a scam, no exceptions.
- Always sort reviews by “newest first”. The moment you open a listing, go straight to the reviews tab and change the sort order. Scroll the most recent twenty or thirty. A string of complaints saying “fake”, “no one there”, “scam” or “asked for extra payment” is an instant red flag.
- Google the exact name and address. Copy the property name and postcode into Google in quotes. If the only hit is the Booking.com page itself, be very suspicious.
- Reverse-image search the photos. Right-click two or three of the main pictures and search Google for the image. AI-generated interiors or photos stolen from properties in Spain or Florida will show up immediately.
- Phone the property directly. After booking (or even before), find the official phone number via Google Maps or the property’s own website and call it. Ask them to confirm your reservation. If they have no record of it, cancel straight away.
- Switch on two-factor authentication today. In the app go to More → Security and turn on 2FA. It stops most account takeovers dead.
- Use a virtual or one-use card. Revolut disposable cards, Monzo virtual cards or similar mean that even if details are stolen the card is useless after the first transaction.
- Never click payment links in messages. If a message claims your booking is at risk or you need to “confirm payment”, close it and log in properly through the app or website to check.
- Prefer listings with hundreds of reviews. Scammers rarely stick around long enough to accumulate 500+ genuine reviews.
- Cancel if anything feels wrong. Most bookings have free cancellation up to a few days before. Use it.
- Screenshot everything. Save the listing, price, messages and cancellation policy. They are gold dust if you need to claim from your bank later.
- Set up email filters. Create a rule so any Booking.com email containing phrases like “urgent payment”, “bank transfer” or “click to confirm card” goes into a separate folder for manual checking.
What To Do If You’ve Been Hit
Report it to Action Fraud immediately for a crime reference number. Forward suspicious emails to your provider’s phishing address and dodgy texts to 7726. Contact your bank or card provider the same day (most UK cards are covered by Section 75 or chargeback rules). Booking.com themselves will sometimes refund if you can prove fraud and you’ve followed their rules (i.e. you paid on the platform and didn’t click external links), but consumer groups report it can take months and often needs media pressure.
The bottom line is simple: Booking.com is still a convenient way to book travel, but only if you treat every message and every too-good-to-be-true listing with extreme suspicion. Do the twelve checks above as second nature and you’ll sleep easy the night before your holiday. Ignore them, and you might be the next cautionary tale on Which? or the Action Fraud dashboard.
Stay sharp, book safe, and enjoy the trip you actually get to take.