MoneySavingExpert.com homepage
Cutting your costs, fighting your corner
Founder, Martin Lewis · Editor-in-Chief, Marcus Herbert
Search bar closed.
Holiday-fines-blog-main
Martin & Team blogs

I never thought I'd almost fall for a holiday scam – don't get caught out by a similar trick

Kit Sproson
Kit Sproson
Senior Money Writer – Mortgages Expert
8 August 2024

'You've got a message from your Booking.com host'

I'll be honest, I've read about scams and their devastating impact so much over the years that, admittedly, I've occasionally felt a bit 'wood for the trees', desensitised – liable to be complacent.

And so it was a few weeks back that I received an automated email from Booking.com informing me I'd been messaged by one of my upcoming 'hosts', and to log in to my account to read it (I'll be visiting Milan, Lake Garda and Verona later this year). I'm a Booking.com regular, so an email notification like this wasn't anything out of the ordinary, so I logged in to my account.

I'd already had to change our accommodation (at all three locations) due to a change in departure date, so my immediate thought was frustration at the thought of having to rebook again. It was in this context that I read the following message from one of my 'hosts':

"Dear traveler [sic]. We regret to inform you of concerning activity detected on your account. In the upcoming 12 hours your booking reservation and account will be eliminated. To prevent the occurrence of this please read the  provided information here" followed by a link.

Faint alarm bells did start to ring. I'd never received a message like this from a host before. I also noticed the word 'traveller' was spelt incorrectly. Plus the warning both my reservation and Booking.com account would be 'eliminated' seemed a bit harsh (I am Genius Level 2 after all!).

A screenshot of the private message MSE Kit received within his Booking.com account. It reads:

But because I'd been notified of the message in the normal way (via email) and I did indeed appear to have a message from my 'host', I concluded this was genuine. And with my reservation appearing in imminent danger – I had just 12 hours to act or risk changing accommodation for a third time – adrenalin started to kick in.

With my judgement clouded – I think the adrenalin meant it hadn't crossed my mind the host's Booking.com account could have been hacked – I proceeded to follow the link.

Next I was taken to a page with the Booking.com logo at the top and something like 'www.complete-payments.com' as the URL (before I reached this page, I'd even had to tick a box confirming I was a human, a step that again, to me, indicated this was all genuine).

A screenshot of the supposed

Here I found myself engaged in what was effectively a live chat with a chatbot, which repeated the spiel about 'suspicious activity' on my Booking.com account.

I was told that to verify my identity and retain my booking, I would need to pay the entire cost of the accommodation upfront, but the amount would be refunded five minutes later. Looking back, this really should have rung serious alarm bells, but as the messaging and experience so far had felt really legitimate, I proceeded to enter my card details and clicked 'pay'.

The bank rides to my rescue

Sometimes I find myself sighing when prompted to enter an authentication code to complete a purchase (I've not always been the most patient of people), but it was only this code from HSBC that ultimately made me realise that something was wrong.

Specifically, the message from HSBC stated the code was in relation to the "purchase of 1,000 AZN".

This was the clincher for me. For starters, the accommodation had cost in the region of £300, not £1,000. Secondly, I was expecting to see the abbreviation EUR (for euros), not AZN (something I didn't recognise). Following a quick Google search, I realised AZN stood for Azerbaijani manat (and that 1,000 AZN was roughly equivalent to £500).

At this point I ceased all communication with what I now realised was a scammer – and, for the next 12 hours, repeatedly checked my online banking to see if any money had been taken (which, thankfully, it hadn't).

A screenshot of the text MSE Kit received on Tuesday 16 July at 5.18pm from his bank. It reads:

In the end, the difference between me being scammed out of £500 and escaping at the last moment was the authentication message from HSBC – a system process I've got a renewed respect for.

So this is a reminder to any of you reading this of the importance of staying vigilant – especially if, like me, you tend to think you're a bit too savvy to fall for something like this. Scams are rife, scammers indiscriminate in who they target, and they continue to get more sophisticated.

Here are some of the tell-tale signs that should have made me realise earlier that I was dealing with a scam:

  • Spelling mistakes in the communication. For example: "Dear traveler."

  • Unusual language, such as the threat to "eliminate your booking and account".

  • Talk of an urgent deadline. I had "12 hours" to save my account and reservation.

  • Claiming I needed to pay the money to "verify" my account, but the cash would be returned immediately.

Concerned you might have been scammed? Our Stop scams guide has step-by-step help.

Martin Lewis is among the celebrity faces most used by scammers. Be very suspicious if you see any 'advert' featuring the face of Martin Lewis, as of all celebrity faces, Martin's is one of the most likely to be used by scammers. Martin DOESN'T DO adverts.

MSE Forum

I never thought I'd almost fall for a holiday scam

Forum image
MSE Email icon 3 December 2024

For all the latest deals, guides and loopholes simply sign up today - it’s spam free!

The truth about credit scores
Martin's need-knows
Compare+ Home Insurance
New MSE tool
Christmas consumer rights
12 must-knows
5.18% easy-access savings
Up to £20,000
50p photocard delivered
From Card Factory
Christmas light running costs
We've crunched the numbers
Coupons: 'Free' £2 crisps
Plus £2 off pizza

Archive