Ruined holidays scam that makes you pay for your holiday twice: “They scammed me for 3,000 euros” In the latest scam, one message from the property was enough to ruin your holiday, with criminals getting more skilled and losing money is easy: refunds are a mirage. How it works and how to defend yourself

Among the many scams circulating online, the latest one, affecting customers, has the potential to ruin their summer vacations in 2024. The level of “skill” of criminals has reached new heights, and with new scams, extorting money from victims has become even easier. In fact, a direct message from the property booked on the portal is enough, and the scam is committed: in a few minutes the cost of the holiday is doubled. The problem, as one of readers told us, is that after the payment is confirmed, there is no return, it is impossible to get compensation from the bank. Therefore, it is better to prevent it and know how to protect yourself: we spoke to the platform directly on this issue, which explained what it is and how to proceed with refunds.

The latest booking scam: Fake booking confirmation message

The scam is recurring. After booking an accommodation on, a message arrives in the internal chat asking you to confirm the reservation by making a payment on a portal outside of the booking. The first part is in English: “Good afternoon, guest. Thank you for your reservation. You need to confirm your reservation. Please update your contact details via the personalized link. – Copy and open here or in another browser”. The text is followed by a link that the reader is invited to click on, subject to a penalty for cancellation of the reservation. You can see an example of the message in the photo below, sent to us by a reader.

Example of a scam message coming to a booking chat

The message continues in English, again urging to click on the link provided: “If you do not confirm your reservation through the personalized link, your reservation will be canceled within 24 hours.” But there are differences. Another reader received part of the text in Italian, perhaps because the property being booked is located in Italy. “To complete the reservation, please confirm the verification again – reads the scam message –. No money will be charged this time. Open quickly here or in another browser to fill in the blank fields and confirm the application.”

Example of a property's scam message with a booking payment link

Certainly, the “safe” source of the message, which arrives in a chat with the property booked directly on the portal, makes the reader lower his guard and the reader may be encouraged to click on the link presented with imperative tones to confirm the holiday. And this is where the problems begin.

What happens to the scam message on Booking: “They scammed me for 3,000 euros”

One of our readers told us that he was tricked by a direct message from the chat with the property he booked on “I’ve been in contact for a few weeks now. [con la struttura ndr]I had no doubts and authorized the payment – writes the scammed reader – I only became aware of the fraud when I unknowingly authorized the payment of the same amount a second time. At this point I contacted the establishment, who confirmed that they had never sent me this link and advised me to block the card immediately. However, the charges were successful: two identical charges for 1,447.99, totaling 2,895.98. I then contacted the bank to block the card and immediately went to the police to file a complaint.

This reader received a message that the link was received as it appeared, but despite reporting this to the police, the bank refused to refund him and it was not possible to block the credit card transaction. This was because the platform chosen by the scammers was, paradoxically, considered trustworthy and complied with the security requirements required by the bank, such as two-factor authentication to confirm the payment. In practice, the bank told the customer that it was not “very diligent” in allowing the transaction and therefore a refund was not possible.

Correspondence from the bank refusing to refund due to Booking fraud

The reader also forwarded a report to to request a refund, but more than a month after initial contact, the platform has stopped responding. Other victims of the story are buildings: this is where the hacking of the reservation system is likely taking place. Even hotels themselves have stated in their chats that they should be careful and avoid clicking on the link. But as another reader pointed out to us, sometimes it can be too late: hours can pass between the scam message and the actual communication from the property, and the alert can come after the payment has been made.

The facility's message to the customer informing them that they have been attacked

However, the reader reported that he did not receive any messages from indicating that their systems had been hacked.

How to proceed with the refund process, Reservation: “Contact support” contacted and commented on the scam: “We are aware that some of our partners have been targeted by phishing emails sent by criminals who have installed malware on their devices and, in some cases, gained unauthorized access. While this did not constitute a breach of our platform’s systems and the number of affected accommodations is a small fraction of those on, we continue to make significant investments to limit its impact.”

“Customer support will be ready to provide all necessary support”

From to

The platform advises: “We advise customers who have any concerns about payment-related messages to carefully check the payment policy details in the booking confirmation. Users can also report suspicious messages to our customer support team or by clicking on the ‘report a problem’ option available in the ‘chat’ function, where we also provide clear instructions on how to recognise and prevent suspicious activity.”

What about refunds? The platform responded to “For refunds and other requests, invites users to contact its customer support team, which will be ready to provide all necessary support.”

Massimiliano Dona: “What about the refunds?”

Massimiliano Dona, president of the National Consumers Union, explained to how to protect yourself from Booking scams and gave advice to users: “First of all, we need calm and smiles: we do not have clear information about the holidays. We panic to confirm the reservations of our trip. Our first advice is to check the address that the link wants to take us to, it must belong to without any other strange phrases, we check by calling the structure and then we allow it. we know, because it is always better to prevent”.

“The accounts where these transactions take place are virtual and disappear in an afternoon”

Massimiliano Dona, President of the National Consumers Union

According to Dona, the scam is “very widespread; individual conversations are likely hacked through the email accounts of consumers or organizations. All it takes is hacking the passwords of a hotel and potentially reaching thousands of customers. The accounts where these transactions take place are virtual and disappear in an afternoon, along with withdrawals all over the world: the money is untraceable, hopefully defeated by the postal police.”

Regarding the refunds, the president of the National Consumers Union said, “Unless the competent authorities detect negligence on the part of the platform, it is difficult for to refund something like this, even if the message reaches the chat.” . The company is registered with the Dutch Chamber of Commerce and the Dutch privacy guarantor, responsible for the protection of personal data, monitors the platform after these events and is ready to “take enforcement action if there are signs that it is suspicious”. is in violation of the law.

5 tips for postal police and reservations

Postal Police and Reservation have decided to collaborate to share tips and advice and avoid travel booking scams. The Post Office has made five recommendations to ensure online bookings are completely safe:

  • Keep your personal details private: Never share personal details such as your credit card details via text message, SMS or email, with people you don’t know or when contacted out of the blue. Ideally, you should always pay through secure online sites you know or when you arrive at your accommodation;
  • “Double down” on security: Many online platforms and credit card providers allow customers to use two-factor authentication. When enabled, instead of just typing in your password, you’ll be asked to complete a second step, such as typing in a code received via SMS, to access your account. While this is an additional step, it’s a very quick process and can significantly increase your security;
  • Stop and think before clicking on a link: If you receive a message with a link, check the landing page by hovering the cursor over the link or tapping and holding on a mobile device to avoid being redirected to a fraudulent site;
  • It’s best to be careful: If a property asks for payment outside of the terms agreed upon at the time of booking, or if you receive a poorly worded email asking you to share personal information, it’s wise to consider the request carefully. If in doubt, it’s always best to contact customer service or the property directly to verify the legitimacy of the message. Platforms like offer 24-hour customer support for all customer requests;
  • Check, check and check again: ultra-affordable beach accommodation may seem like a really tempting proposition, but before you take the plunge and part with your money, check the reviews and website URL of the property you’re booking to make sure they’re both legitimate.

According to Postal Police data, there were more than 16,000 online scams in Italy in 2023.

Source: Today IT