Can you get scammed on Booking.com? Which? issues scam warning as 'deluge of dodgy listings' found on platform

A Which? investigation has found that an easily hacked messaging system, failure to remove ‘scam’ listings, and a lack of identity checks on property owners is leaving holidaymakers “unnecessarily exposed” on Booking.com. The consumer champion was able to list a holiday home on Booking.com in less than 15 minutes and – unlike on Vrbo or Airbnb – Booking.com did not ask to see a driving licence or passport.

Which? said this lack of proper identity checks has led to a “deluge of dodgy listings” on the platform. When Which? searched Booking.com reviews for the word ‘scam’ in summer 2024, the consumer champion found hundreds of reviews complaining that they had paid for accommodation that did not exist.

As part of that investigation, Which? sent 52 of these listings to Booking.com. It removed most of them but told the consumer champion that most were not real scams – just owners who had neglected to switch off availability when accommodation had closed down or was temporarily shut. When Which? checked again in November, it found the same problem – 36 properties with hundreds of negative reviews pointing out that the accommodation was a scam.

Which?’s investigation also found that Booking.com’s security systems are not strong enough to stop scammers from listing on the site or from hacking genuine listings. Booking.com said that it restricts new hosts from accepting prepayments until they have bookings and reviews – but this is not insurmountable for a fraudster.

In September last year, Booking.com finally tightened security for hotels, hosts and guests to use a two-stage process, known as two-factor authentication (2FA), to get access to their accounts and messages. However, in November 2024, Which? was contacted by an expert in 2FA, who had reached out to Booking.com through social media to warn that the 2FA on his guest account did not work.

On March 17, the illegal harms codes of practice under the Online Safety Act will come into effect. This will require platforms to do more to prevent user-generated fraud – among other kinds of illegal content – on their sites by running risk assessments and having effective complaints procedures in place.

Rocio Concha, Which? director of policy and advocacy, said: “It’s really worrying that so many scams are slipping through the net on Booking.com.” In response, Booking.com said: “We are deeply committed to protecting our customers against fraud and scams.

“Online fraud is unfortunately a battle many industries are facing. However, thanks to the robust security measures we have in place and our continuous efforts to enhance them, we are able to detect and block the vast majority of fraudulent activity.”

It added: “We take the process of verifying accommodation listings seriously and have multiple controls and checks in place during sign-up, after submission and before listings become bookable. In the rare instance that a scammer finds a way to temporarily circumvent our controls, we seek to shut down the activity as quickly as possible and support any impacted customers quickly.”