When Booking.com becomes Booking.Scam

Ben Rothke
4 min readApr 1, 2024

When you need help online, a scammer will come to the rescue


Scammers to the rescue

Over the past few months, there have been an increasing number of attacks targeting the hospitality industry. There have been multiple attacks convincingly impersonating Booking.com. Attackers do this to gain Booking.com credentials, which can contain significant amounts of valuable information.

Elad Damari is an email security expert at Perception Point who has conducted extensive research in this area. Last week, I tweeted about his research, which detailed the strategies employed in these attacks. He notes that perhaps the hotels’ hospitality makes them such hospitable targets for attackers.

Within minutes of my tweet, there were multiple responses from accounts that themselves impersonated Booking.com.

Scammers will reply in minutes



Ben Rothke

I work in information security at Tapad. Write book reviews for the RSA blog, & a Founding member of the Cloud Security Alliance and Cybersecurity Canon.