Which? Travel trusted travel advice
Who to book with, how to get the best deals and inspiring destination ideas from the experts. £4.99 a month, or £49 annually
Join Which? TravelCancel anytime.
Booking.com replaces customer service staff with AI
Scam victims forced to first report traumatic fraud experiences to artificial intelligence bot
When Catherine Smith* was defrauded out of €2,025 by an alarmingly convincing scam on Booking.com, the first thing she did was phone its helpline.
She was answered by an American voice calling itself ‘Kayleigh, your AI-powered agent’. She tried explaining the complicated fraud, but got nowhere.
‘I went round and round in circles,’ she says. ‘Having stated that I believed I was subject to a scam and that there was a fraudulent listing on the Booking.com website, the bot suggested I report the listing through the website or app.’
Weeks after Catherine reported the fraud, she still hadn’t received any further update on her case.
It’s an experience that will be familiar to the many people we’ve heard from who have been defrauded on the site. Last year, Booking.com announced plans to slash staff numbers and let AI take over large parts of its customer service. While it still has customer service staff - the initial contact for most queries is now a bot.
Which? receives weekly reports from Booking.com customers who say they’ve been scammed.
New scams on Booking.com
Catherine’s experience was similar to previous scams we’ve reported – but with a worrying new twist that made it even harder to spot.
She attempted to book a Swiss chalet on Booking.com for herself and her parents, but received a message saying her booking had been declined.
Shortly afterwards, she received another message, again from Booking.com’s own email address noreply@booking.com, telling her to ‘please contact the host for availability’ and giving her an email address. She was then sent a payment link.
It was only when Catherine compared the photos she’d been sent with the real chalet that she became suspicious. She contacted her bank but found out that, as it was an international payment, she will not benefit from new rules around so-called authorised push payments.
‘I have to prepare for the fact that we have lost €2,025, which makes me feel sick to the bottom of my stomach,’ says Catherine. ‘Especially given how this holiday is for a special occasion. My parents are devastated.’ Only after Which? got involved did Booking.com finally refund the stolen money.
Catherine's case was complicated by the fact that, unlike with other similar scams we’ve seen, she doesn’t have a booking reference. The fraudsters got her email address by hacking Booking.com’s mailing system – presumably via the chalet she emailed – and were able to direct her outside of the platform.
It’s unsurprising that she, and many others, have been tricked because some genuine Booking.com properties – unlike those on Airbnb, Expedia or other sites – do request payment outside of the platform itself.
Booking.com cuts customer service
In July this year, Booking.com announced plans to cut more than 900 staff worldwide.
According to the makers of a Belgian consumer affairs programme, WinWin, some staff at Booking.com have complained about falling standards of customer service.
WinWin told us that, in a special investigation into Booking.com, it broadcast anonymous quotes from six employees, alleging that the firm is slashing customer service at its Amsterdam head office and introducing more AI.
WinWin said that Booking.com had first outsourced customer service to a third-party company based in Luxembourg and was now cutting several hundred people.
It appears that Booking.com’s plan is to have most standard questions initially answered by AI. Victims of fraud we spoke to said they struggled to get help, even when they did manage to speak to a human being.
The crisis on Booking.com
In August this year, we reported on the scale of the problem on Booking.com, with almost one in 10 Booking.com customers in our survey telling us they’d seen scam emails.
Since then, we’ve had numerous more complaints. Many of them were straightforward cases that, after we raised them with Booking.com’s press team, were swiftly resolved. Yet the victims had no success calling customer service prior to Which?'s involvement.
One victim, Zoe, says: ‘After a long day at work I came home to my kid and between bathtime, dinner and bedtime chaos, I stupidly clicked on a link asking for another payment for the Booking.com trip to San Sebastian in Spain I'd booked.’ She lost £767 and, again, there was no sign she was going to be refunded until we contacted the platform.
In the past 18 months, we’ve contacted Booking.com about numerous customers' problems with scams or other issues. At least 22 people got money back after our intervention – totalling £14,222.
Fraudulent listings reported to Booking.com – but not removed
Even more seriously, we’ve been contacted by three separate property owners who reported fraudulent listings to Booking.com – and were astonished to find that it did nothing for months.
Philip, the owner of a luxury clifftop holiday let in Cornwall, spotted in May that fraudsters had stolen photos and other details from his own website and put his apartment on Booking.com.
He told Booking.com at once but received no reply for weeks. When it finally got back to him it said: ‘You have not proved you own the property so we are taking no action.’
This is particularly ironic, as the fraudsters themselves would not have been asked to prove their identity when putting the listing on the site. We showed last year that it’s possible to create a listing on Booking.com in 15 minutes – and there aren’t any identity checks before it goes online.
Shortly after Philip reported the scam, the first victims arrived at the property. They said they’d booked a week there on Booking.com.
‘At first they were angry because they thought we had double-booked the dates,’ says Philip, ‘however, I told them they had fallen for a scam and asked them not to return, as they had frightened our guests.’
Philip then tried again to get through to Booking.com customer services – providing a copy of his passport as further proof that he owned the property. It did not reply.
Again, only after Which? got involved, did Booking.com remove the listing. In its response it claimed: ‘At Booking.com cyber security and protecting property owners and customers from online scams is a top priority.’
But we struggle to believe that this is true – given the length of time it took to deal with this and other issues.
Booking.com also said: ‘We can confirm that the fraudulent property has been removed from our platform and all customers who had booked the property have been relocated.’ It finally removed the fraudulent listing more than four months after it was first reported.
What can be done about Booking.com?
In September, we met the online regulator Ofcom and asked it to investigate whether Booking.com is doing enough to prevent fraud on the site.
We’ve also shared details of our research with the Competition and Markets Authority (CMA).
Neither of them have confirmed whether they will take action. Ofcom did tell us that Booking.com users can report content that they believe to be fraudulent.
Booking.com says that it is fighting back against fraud. It told WinWin that, ‘Between 2023 and 2024, we reduced the number of detected and blocked phishing-related fake bookings from 1.5m to 250,000 – an 83% decrease that demonstrates the impact of our technological efforts to protect both travellers and accommodation partners.’
Although it’s not clear what it means by ‘phishing-related fake bookings’, hundreds of thousands of scam attempts on the site is still an astonishing figure.
We’d advise users of Booking.com to be very careful when using the site. Our experience, talking to scam victims and the findings from our survey, suggest that the Booking.com messaging system is frequently hacked. This is because it allows accommodation partners – hotels or others – to access it directly.
Fraudsters only need to hack individual hotels, or other third parties with access to the messaging system, to be able to contact all their guests via the Booking.com app or the noreply@booking.com email address.
Booking.com response
Booking.com denied that it's replacing customer services with AI - but did say that it's making more use of AI: 'to make it easier and quicker for customers to get in touch and for us to help with a resolution - especially if an issue occurs during a trip when we want to make sure that we can help find a solution as soon as possible.'
It said that its AI Voice Support tool helps it to 'instantly resolve a number of queries including cancellations and property features, with proven results in reducing wait and resolution times for customers.' It also said that, when required, it connects customers to a human agent and that it continues to have dedicated teams available 24/7 and across 45 different languages.
It confirmed that the chalet Catherine booked has been removed from Booking.com and that it has refunded her. It added: 'We are committed to protecting our customers against fraud and scams, which is unfortunately a battle many industries are facing, however we have robust security measures we have in place and thanks to our continuous efforts to enhance them, we are able to detect and block the vast majority of fraudulent activity.
'Should a customer have any concern about a payment message, we ask them to carefully check the payment policy details on their booking confirmation to be sure that the message is legitimate. When in doubt, it’s always best to contact our customer service team or click on ‘report an issue’ which is included in the chat function. It is important to note that we would never ask a customer to share payment information via email, chat messages, text messages or phone.'
*Name changed.
