Focus on the BIG picture.
Wednesday, Sep 17, 2025
Outside the box.
118 Japanese Hotels Fall Victim to Phishing Scams via Booking.com, Resulting in Credit Card Theft
Over 100 Japanese hotels have been targeted in phishing scams through the reservation site Booking.com, resulting in stolen credit card information and financial losses for customers.
The Japan Tourism Agency has requested a full investigation from Booking.com Japan KK, but the company has yet to comment on the financial damage.
These scams occur as global tourism levels rise following Covid-19 border restrictions.
Anonymous cybersecurity specialist Piyokango helped Kyodo News identify 118 accommodation businesses in 21 prefectures that had been hacked since June 2022.
Fraudsters sent emails with malicious links to Japanese hotels, allowing hackers to steal their Booking.com credentials.
The hackers then sent fake cancellation notices to customers, requesting advance payment to keep their reservations.
Customers were directed to input their card details into a fake website.
In August 2021, a hotel fell victim to a phishing scam when an employee clicked on a link claiming to be a list of a customer's food allergies.
The scammers exploited the hotel's desire to accommodate customers' needs.
This type of scam was first reported in Europe in 2022 and later spread to hotels in the US, Asia, and Oceania.
Booking.com, a popular booking platform, stated in December 2021 that they do not request customers to provide card details via chat or email.
These scams occur as global tourism levels rise following Covid-19 border restrictions.
Anonymous cybersecurity specialist Piyokango helped Kyodo News identify 118 accommodation businesses in 21 prefectures that had been hacked since June 2022.
Fraudsters sent emails with malicious links to Japanese hotels, allowing hackers to steal their Booking.com credentials.
The hackers then sent fake cancellation notices to customers, requesting advance payment to keep their reservations.
Customers were directed to input their card details into a fake website.
In August 2021, a hotel fell victim to a phishing scam when an employee clicked on a link claiming to be a list of a customer's food allergies.
The scammers exploited the hotel's desire to accommodate customers' needs.
This type of scam was first reported in Europe in 2022 and later spread to hotels in the US, Asia, and Oceania.
Booking.com, a popular booking platform, stated in December 2021 that they do not request customers to provide card details via chat or email.
