The scam crisis on Booking.com

Which? calls on Ofcom to investigate as nearly one in 10 Booking.com customers in our survey believe they’ve been sent scam messages
Trevor BakerSenior researcher & writer

Trevor Baker is an award winning travel writer who specialises in airlines and airports.  

Woman looking at worrying message on her phone

When we asked 258 Which? members who used Booking.com whether they’ve seen scam messages sent through Booking.com’s messaging system in the past two years, 9% said they had.

These are often dangerously convincing messages sent by third-party scammers while appearing to come from Booking.com itself, and which have been used to steal thousands of pounds from unsuspecting customers of the site.

One person said they transferred money to a fraudster – and they were only saved when the bank called to query the transaction.

Almost one in 10 customers being targeted with scam messages would be a huge number, if reflected across the booking site’s millions of users in the UK and abroad.

However, it seems all too plausible, as Which? continues to see more complaints about alleged fraud on Booking.com than any other accommodation booking platform.

Which? is now calling on Ofcom to investigate whether Booking.com’s doing enough to remove illegal content and protect users, using its new powers under the Online Safety Act.

Get travel advice and recommendations you can trust from the experts with our Travel newsletter – it's free

Booking.com still not beating fraudsters

In March this year we asked 'What went wrong with Booking.com?', detailing some of the ways we think the site has let customers down over fraud. Since then we have continued to receive stories through our scam sharer tool from customers who have been scammed. 

We reported on two main types of scams on the site. The first is when customers are sent a message – which frequently appears to come from the email address noreply@booking.com – telling them they need to confirm their booking by transferring payment to the fraudster.

These messages are more dangerous and convincing than most scam emails, because they appear to come directly from Booking.com itself.

The second issue we reported on was scam listings. We found dozens of properties with numerous reviews warning that they were scams. Booking.com told us that most weren’t scams – simply hosts who’d failed to update their availability.

However, we’ve since found evidence of listings that were clearly created by criminals to try to steal users’ money.

Beware Booking.com scam listings

Glyn Powell-Evans was shocked to get a call from somebody who’d booked his guest house, Great Tangley Manor in Surrey, on Booking.com.

Although he and his wife have been running the guesthouse for 20 years, they’ve never put it on Booking.com. 

However, when they checked on the platform they found that fraudsters had created a listing, using photos that Glyn himself, a professional photographer, had taken.

Glyn then spent an evening trying unsuccessfully to contact Booking.com by phone to tell it to remove the listing. Without a booking reference number, he said he found it impossible to contact anybody who could help. He then tried contacting Booking.com through the property owner’s portal. As he didn’t have a property reference, that was also impossible.

He finally resorted to sending a letter to Booking.com’s head office in Amsterdam. He still didn’t get a reply.

Glyn first called Booking.com about the scam listing on 18 June, but it stayed live until 15 July 2025, when the site took it down. 

The listing was finally removed after Which? suggested he use Booking.com’s portal for reporting illegal content, which is not clearly flagged on the site. 

Guests turn up to scam listing

Glyn’s story echoes that of another guesthouse owner, featured in September’s issue of Which? magazine. Their house was put on Booking.com by fraudsters, and the first they knew of it was when unsuspecting ‘guests’ turned up and knocked on their door.

They, too, complained to Booking.com, but it only removed the listing when Which? intervened.

Hundreds of new scam complaints on Booking.com

When we did an advanced Google search using the terms ‘site:booking.com “scam”’ in August 2025 we found – once again – hundreds of reviewers complaining about allegedly being scammed on Booking.com properties. 

We’ve previously got the platform to remove dozens of lets by forwarding it a spreadsheet of these listings, where guests have clearly paid for accommodation that was not available.

It’s unclear why it hadn't proactively removed these listings itself, without needing to be prompted by Which?.  

Scammed – without even using Booking.com

Eddie Smoraczewski was shocked to receive a message from Booking.com confirming he’d booked an apartment in Wembley, west London. He’d made no such booking. When he contacted its customer services, he was told the booking was visible on his account, but they weren’t able to cancel it. The representative said it was non-refundable and that he would have to contact the accommodation partner to cancel. The credit card used was one that Eddie hadn’t used anywhere for 18 months – and which hadn’t been used on Booking.com since 2019.

‘How can other suppliers charge accommodation to our Booking.com account without any confirmation from the account holder?’, he says. ‘We were certainly not aware that other companies can make bookings in our name through the Booking.com website, and I’m sure that other consumers would say the same.’

When we contacted Booking.com, it agreed to refund him and said: ‘Unfortunately, it appears that cybercriminals gained access to the customer’s Booking.com account to make a reservation. We can confirm that this breach did not occur through Booking.com’s systems. Upon receiving proof of the charge from the customer, we are now processing a full refund.’

Why Ofcom should investigate Booking.com’s scam issue

We think there's much more that Booking.com could do to help reduce fraud on its site. We are asking the online regulator, Ofcom, to investigate whether the systems to prevent fraudulent content appearing on Booking.com are sufficient to comply with the Online Safety Act.  

We think that Booking.com should:

  • require accommodation providers on the site to provide proof of identity. It says (see its response below) that it has checks, but these clearly weren’t enough to prevent Great Tangley Manor being put on the site by somebody who wasn’t its owner.
  • do more to prevent fraudsters being able to request payment through links or messages sent through its booking systems.
  • proactively investigate and remove listings where there are numerous, credible allegations that they are scams, or where it’s clear people are paying but not getting to stay.
  • provide a much easier, more visible way for users to report scams and other criminal activity.
  • take reports of scams and scam listings much more seriously, and investigate and remove them within 24 hours of being reported.
  • provide a customer service number for people who need urgent assistance after being scammed or left stranded without the accommodation they’ve paid for.
  • change the reviews system so that when multiple reviewers are warning that a listing is a scam, this is clearly visible on the first page. We’ve seen listings where the ‘most relevant’ reviews, shown by default, are positive. Only if you change the reviews setting to ‘newest first’ do you see that the most recent reviewers almost all say it’s a scam.
  • take responsibility and promptly refund people who’ve been scammed, where Booking.com is partly at fault – such as when the scammers have been able to send messages using Booking.com’s own messaging system. 

Our research on scam messages

We asked members of the Which? Connect panel if they’d used Booking.com in the last two years. 

Of these, 258 people said they had used it, and 9% said that they have seen messages that they believe to be attempted scams, sent through Booking.com’s own messaging system.

For more independent travel advice and recommendations, subscribe to Which? Travel

Booking.com response

‘Cybercrime and online fraud are not new, nor are they unique to Booking.com. These challenges affect many companies operating in the e-commerce space, from other large platforms to sole operators and reflect the realities of our increasingly digital lives.

'At Booking.com, cybersecurity is a top priority. As such, our dedicated teams leverage industry-leading technology to monitor, detect and block potentially suspicious activity around the clock. AI and machine learning play a critical role in our cybersecurity defences, allowing us to detect anomalies and block suspicious activity before it ever reaches our customers. Thanks to these measures and our continuous efforts to enhance them, considering our global scope and the number of transactions we facilitate via our platform, actual incidents are rare. 

'As part of our security measures we take the process of verifying accommodation listings extremely seriously. While in some cases we have streamlined the registration process for partners, following registration they are exposed to multiple controls and checks before their listings become bookable, and again once the listing is live. 

'Additionally, Booking.com features more than 339 million verified reviews from travellers who have stayed at the accommodation, allowing customers to make informed decisions. Customers can easily filter reviews by date, reviewer type and specific topics to find the insights most relevant to their needs. Our 24/7 customer service team is committed to supporting our travellers throughout their stay.

'To stay safe online, we advise all customers to keep their personal information private – no legitimate transaction will ever require a customer to share sensitive information like credit card details via email, chat, messages, texts or phone. If ever in doubt, it’s always best to contact our customer service team or the property provider directly to check the legitimacy of the message.’

More on this