Online platforms like Booking.com have become a target for scammers who impersonate hotels or the platform itself. After making a real booking, customers may receive a message claiming there’s an issue with payment or confirmation. These messages often include a link to a fake website designed to steal personal and payment details. Because the booking is real, the scam feels highly convincing and catches many people off guard.
Why it matters
This is not just a travel issue but a wider data protection risk. Scams like this exploit trust and show how easily communication channels can be manipulated. Under regulations like UK GDPR, businesses are responsible for protecting personal data and responding quickly when something goes wrong. If customer data is compromised, organisations may need to report the incident to the Information Commissioner’s Office, depending on the severity. Failing to act properly can result in fines, investigations, and reputational damage.
What to do if affected
If you or your customers receive a suspicious message, stop engaging immediately and avoid clicking any links. If payment details were entered, contact your bank straight away, change passwords, and enable multi-factor authentication where possible. It is also important to report the incident to Booking.com and internally within your business so it can be properly assessed and contained.
What not to do
Do not ignore the situation or delay taking action, as this increases risk. Avoid continuing to use systems that may be compromised, and do not communicate externally until you have accurate, verified information. Poor handling at this stage can escalate the issue and lead to greater impact.
How to prevent it
Prevention comes down to awareness and structure. Staff should be trained to recognise phishing attempts, and businesses should implement strong security practices such as multi-factor authentication. Clear processes for handling data, managing incidents, and communicating with customers are essential. Having a clear breach response plan in place ensures you can act quickly and confidently if something goes wrong.
How we help
At Data Support Hub, we help businesses move beyond basic compliance. Our platform provides the structure, guidance, and support needed to manage data protection effectively and respond to incidents with confidence.
Stay protected
Scams like this succeed because businesses are not fully prepared. The real risk is not just the attack itself but how it is handled. Acting quickly and having the right processes in place can make all the difference in protecting your business, your customers, and your reputation.