Save On Travel and Hotels Shop All Deals Now! Vrbo

Lack of ‘proper checks’ is leaving Booking.com ‘wide open to scammers’, Which? warns

by March 10, 2025 Travel Articles

A ‘lack of effective checks’ is leaving Booking.com ‘wide open to fraudsters’, according to an investigation by Which?.

As a result of the probe, the consumer champion is calling for the platform, the most visited travel and tourism website worldwide, to do more to prevent fraud on its site ahead of the Online Safety Act illegal harm codes coming into effect later this month.

Which? investigators found that Booking.com operates an ‘easily hacked messaging system’, that it has ‘failed to remove scam listings’ and that a ‘lack of identity checks on property owners is leaving holidaymakers unnecessarily exposed’.

Which? said it was able to list a holiday home on Booking.com in less than 15 minutes and – unlike on Vrbo or Airbnb – Booking.com did not ask to see a driving licence or passport.

Which? said: ‘This lack of proper identity checks has led to a deluge of dodgy listings on the platform. When we searched Booking.com reviews for the word “scam” in summer 2024, [we] found hundreds of reviews complaining that they had paid for accommodation that did not exist.

‘As part of that investigation, we sent 52 of these listings to Booking.com. It removed most of them, but told us that most were not real scams – just owners who had neglected to switch off availability when accommodation had closed down or was temporarily shut.’

However, when Which? checked again in November, it claimed that it found ‘exactly the same problem’ – 36 properties with ‘hundreds of negative reviews’ pointing out ‘that the accommodation was a scam’.

Peter Walsh and his wife got in touch with Which? after falling victim to a Booking.com scam in August.

A ‘lack of effective checks’ is leaving Booking.com ‘wide open to fraudsters’, according to an investigation by Which?

According to the consumer group, they booked an apartment for a cycling holiday in Normandy in August 2024. However, when they turned up at the address, it ‘looked like a dentist’s surgery’ rather than a holiday home.

There were two other angry and confused couples waiting outside and they were all left with a last-minute scramble for somewhere else to stay, according to Which?.

The consumer group continued: ‘Peter had a second shock when, although Booking.com told him it was investigating, he didn’t receive a refund. He phoned Booking.com straight away, but it was only after we contacted Booking.com two months later that he got his money back.

‘Booking.com said that he had not been scammed. It was just that the owners had not kept their availability up to date and it was the owner’s responsibility to refund him.’

Peter told Which?: ‘Booking.com completely abandoned any notion of customer care and we felt as though we were treated with disdain and contempt by the company.’

Which? said its investigation also found that Booking.com’s security systems are not strong enough to stop scammers from listing on the site or from hacking genuine listings.

It notes that to stop scammers, Booking.com said that it restricts new hosts from accepting prepayments until they have bookings and reviews.

However, warns Which? – ‘this is not insurmountable for a fraudster’.

The consumer group said: ‘We saw a Glasgow let on Booking.com which seemed to only have two reviews from people who actually stayed there. After this point, reviewer after reviewer complained that there was no one there to meet them or any way to access the property.

‘After several months, it had 36 one-star reviews – almost all complaining that this was a scam and they had not been refunded. Again, Booking.com removed the listing only after contact from us.’

Which? investigators found that Booking.com operates an ‘easily hacked messaging system’, that it has ‘failed to remove scam listings’ and that a ‘lack of identity checks on property owners is leaving holidaymakers unnecessarily exposed’

Which? said its investigation also ‘exposed loopholes in the booking system that could be exploited by fraudsters’.

In September last year, Booking.com’ finally tightened security for hotels, hosts and guests to use a two-stage process, known as two-factor authentication (2FA), to get access to their accounts and messages’.

However, Which? said that in November 2024 it was contacted by an expert in 2FA, who had ‘reached out to Booking.com through social media to warn that the 2FA on his guest account did not work’.

Which? said: ‘Anyone who hacked his email would have been able to access his messages, without additional verification. Booking.com has not fixed this issue, which could also affect other users.’

The consumer champion said that it also spoke to several consumers who were sent external links through Booking.com messages, which are often used by fraudsters to move transactions away from the official platform.

Which? said: ‘The cost of these frauds is more than just the hundreds of pounds people lose. One person we spoke to had booked flights to Kenya but was unable to afford new accommodation after losing £727 to a scam in September 2024. It was only after we secured him a refund that he could rebook and finally take his trip to Kenya.’

On March 17, the illegal harms codes of practice under the Online Safety Act will come into effect.

This will require platforms to do more to prevent user-generated fraud (amongst other kinds of illegal content) on their sites by running risk assessments and having effective complaints procedures in place, Which? explained.

In addition, large platforms – those with seven million monthly active users in the UK – at medium or high risk of fraud will be required to have a dedicated channel to report any scams that slip through the net.

Which? noted: ‘User-generated fraud in scope of the Online Safety Act can cover posts such as listing items for sale on second-hand marketplaces or properties for rent on travel websites.’

 It’s really worrying that so many scams are slipping through the net on Booking.com

Which? believes ‘there are some basic changes Booking.com should make to reduce fraud on its site’, including ‘introducing identity checks for hosts before their listing can appear, making it mandatory for all users of the site to have two-factor authentication set up and banning the use of external links in Booking.com messages’.

Which? also believes that Booking.com should ‘proactively investigate listings where there are multiple reviews claiming they are a scam and take action when it is alerted by users that a property does not exist, is not really open for business or is a scam’.

In a statement, Which? added: ‘Ofcom should take note of our findings. It is absolutely key that the regulator takes strong, decisive action against firms found not to be complying with the Online Safety Act’s codes of practice to set a clear precedent that online platforms must do more to protect their users from scammers.’

Rocio Concha, Which? Director of Policy and Advocacy, said: ‘It’s really worrying that so many scams are slipping through the net on Booking.com. The illegal harms codes coming into effect on March 17 will require platforms to do more to prevent user-generated fraud but there are several simple changes that Booking.com could make now to tighten its security and close loopholes on its site that are being exploited by scammers.

‘Ofcom should take note of these findings as the codes come into force. If these issues persist, Ofcom must make use of its new powers and not hesitate to take action against Booking.com and other platforms failing to prevent fraudsters from targeting and scamming their customers.’

Booking.com said: ‘We are deeply committed to protecting our customers against fraud and scams. Online fraud is unfortunately a battle many industries are facing, however thanks to the robust security measures we have in place and our continuous efforts to enhance them, we are able to detect and block the vast majority of fraudulent activity.

‘We take the process of verifying accommodation listings seriously and have multiple controls and checks in place during sign-up, after submission and before listings become bookable. In the rare instance that a scammer finds a way to temporarily circumvent our controls, we seek to shut down the activity as quickly as possible and support any impacted customers quickly. In addition, we always recommend that customers read through our reviews and property rating scores before booking, to ensure they can see the views of others who have also stayed at the property.

‘Two-factor authentication, a measure used by many organisations, is just one of the methods we deploy for additional security. If a customer suspects that their email account has also been compromised, we recommend that they reach out to their email provider and also to our 24/7 customer service team.’



Source link

CHECK OUT: Top Travel Destinations

READ MORE: Travel News

About the author: Travel News

View all posts by Travel News »

Related Posts

Want to start a new life abroad? From education to healthcare and quality of life, the best countries for immigrants to move to in 2025 (and Britain only just ranks inside the top 20)

March 23, 2025

We live in the so-called ‘best town in Britain,’ but there is a downside: Locals reveal what life is REALLY like in lauded market town

March 23, 2025

The airline that sold a £190,000 ticket – it ended up costing them millions

March 23, 2025
Sightseeing Pass TripAdvisor