Warning Issued Over Sophisticated Hotel Booking Scams in Switzerland

As the holiday season begins, the Swiss Federal Office for Cybersecurity (Bacs) is issuing a strong warning about a significant increase in sophisticated scams targeting hotel bookings, primarily through WhatsApp. Cybercriminals are leveraging existing hotel reservations to obtain credit card information, with a notable rise in fraudulent WhatsApp messages reported.

The Bacs has observed a threefold increase in phishing reports related to hotel bookings in Switzerland during May compared to April. This surge, with 23 cases reported in May versus eight in April, is unprecedented for 2024 and 2025. The scammers' effectiveness stems from their ability to use precise details about past hotel stays, including hotel names and guest information, which is believed to originate from a data leak associated with the booking platform Booking.com in April.

One common tactic is the "refund trick." Victims receive unsolicited WhatsApp messages, impersonating Booking.com or the hotel itself, claiming an error in a past booking and offering a refund. These messages are highly convincing due to the accurate personal details they contain. To receive the supposed refund, recipients are directed to click a link that leads to a fake payment system website, ultimately guiding them to a phishing page where they are prompted to enter their credit card details.

Another, longer-standing method involves scammers using phishing or malware to gain access to hotel booking systems. This allows them direct access to user accounts and the ability to target specific bookings. Victims are then contacted through the platform's official messaging system, email, or WhatsApp, often under time pressure, with fraudulent claims about their reservations.

“

The perpetrators use particularly perfidious and credible methods to obtain the credit card data of the victims.