The requested article has expired, and is no longer available. Any related articles, and user comments are shown below.
© KYODOOver 100 hotels in Japan fall victim to Booking.com phishing scams
TOKYO©2024 GPlusMedia Inc.
Video promotion
The requested article has expired, and is no longer available. Any related articles, and user comments are shown below.
© KYODO
20 Comments
Login to comment
Patrick
To Gaijinland
No, it happened to me with a huge resort in Okinawa. The fake requenst indeed contained the original booking reference, but the requested amount was unrealistically high as well as the containing links were obvioulsy fake.
gaijintraveller
Japan is a safe country. Hackers can't read Japanese.
Sorry, that is not the right way to think. Internet security is extremely lax in Japan. My browser often flashes a warning about Japanese sites. It says the site is unencrypted and warns that credit card information could be stolen. I get this on Firefox and Chrome.
When a url starts http://, it is unencrypted and dangerous. Encrypted websites start https://. Also, the browser shows a lock. Why do so many Japanese companies, even quite large ones, not understand this?
Wake up Japan.
Gaijinjland
I’m guessing this happened mostly to family owned ryokan hotels? Overpriced but they really do go above and beyond in making preparations for their guests.
obladi
It sounds like the hotels are being targeted, leading to breach of customer data. The solution is for the hotels to be more careful with fraudulent emails, just like everyone else.
Mocheake
Used that site last month but thankfully had no problems. I invest in Internet security and use Avast anti-phishing, etc. but have spoken to quite a few Japanese people who do not use any kind of internet security. Maybe both the companies and their customers didn't see the need. Until now.
Jind
I have used Booking.com for a lot of reservations.
I would say, majority of online sites have probably no safeguards to detect phishing
or other scams. I will have to be careful in future.
When I receive scam sounding email, I hover over the sender's email address and fake email stands out and nothing like from where the sender is stating.
Jonathan Prin
Using emails to make an action (using link) is very risky in all cases.
Always check and exchange information trhough the official site and no link/file to be used. That is the standard.
So I don't understand : such type of phishing has been existing for a long time (asking you more money with sudden change of conditions). Basics of cyber security.
And also using any antivirus (free) is basics
Need to upgrade.
The hackers based abroad will never be found for sure alas.
By the way, it has nothing to do with booking.com's fault.
bogva
Agree - probably Booking.com should train those establishments that have lax security guard.
For the users that were consequently targeted, hoovering over the address works on PC but not on a smartphone where you have to click and then it's too late. That might be one of the reasons why so many people fall into these scams recently. Even my wife got caught with Rakuten entering her details...
factchecker
Hackers can't read Japanese.
Garbage. What about those born here.
ian
You were lucky then you got alerted. Requested amount should have been low to entice you to pay
リッチ
Seems like it’s not booking.com but hotels employees and email systems that allow any link to be clicked upon by anyone. Hotels demanding booking.com anything is kind of ridiculous even for Japanese. Their own people (the hotels) clicked on a link that provided their credentials to someone else’s. The only think booking.com could do is ip hardwire hotels login but then they will complain its to difficult when their IP addresses change. Really up to hotels to have their system updated with the latest technology to stop apparent clicking on external links.
h0nz4
That's not true, there are various promo rates that properties allocate for OTAs. Another advantage is the unified search and booking experience. I gave up multiple times trying to book some Japanese hotels on their websites, not only it would cost more, the reservation flow was nightmare.
However, hotels and airlines like direct bookings because they have more money out of it. And it's generally easier to get support vs going through an OTA.
I want it painted black (red door)
I just hope that this article will help in creating more awareness about this scams.
Rob-3
I do both, or rather I check online pricing along with the hotel’s website and even with the airline I’m flying with as they sometimes have deals
METATTOKYO
We have never used Booking.com or any booking site - what's the appeal?!
You never get a better deal than what you can get going directly to the hotel/ryokan or airline. It's a msytery to me.
METATTOKYO
Curious, why DID you go to booking.com instead of going direct to the hotel?!
kohakuebisu
Booking.com charge healthy commissions, so I can't say I'm too sympathetic if they are having to do a bit of extra work for their money.
Even if things are being compromised at the hotel side, it sounds like some of the scammers are getting the info from Booking servers using the hotel's login. Which means that tightening up the login (no stored passwords, two or three step authentication etc.) would stop this happening. I cannot log into Mercari on my computer without a text message to my phone. That's just to buy a second-hand something that might cost 1000 yen.
GuruMick
Oh crap...I have just used this service to make a booking.
Better of dealing with the service provider {hotel etc. } directly.
Saving grace is my c/c is always maxed out with little room for theft.
Dastardly computer hackers !!!
WoodyLee
Blame it on the Internet Providers and Cellular services that keeps signing up on providing a life line to these Scammers.
Greed is their top priority, they don't care what happened next.
sakurasuki
This quite sophisticated, it's not random poising. So the attacker already know which people that have active booking then impersonate as if it come from those hotel trying to ask additional information need to be inputted by customer.