Crumbs! Holiday phish based on genuine hotel booking surfaces

Re: From the other side...

You've obviously never dealt with hotels in Russia.

'Nuff said.

Indeed. I am just back from a holiday trip to the US. I had booked and prepaid a hotel room in Los Angeles via a web site that I supposed was a US entity - since it was the hotel site. I was very surprised when a charge showed up on my credit card details for a certain sum in dollars from an entity based in Hungary.

I was able to match that line with the hotel room cost, but only after I had found an obscure reference to the bank name on my confirmation email. Nothing explicitly said my transaction would be handled in yet another country, and the total was not exactly the same.

This is not good customer service. People should know exactly how their online transactions are being handled, and ideally the receiving bank should be clearly labelled.

I am fast becoming a devoted follower of the IBAN transaction method. Seems much safer to send the money via bank transfer than to use credit card details that can be scammed.

Re: just go to your bank and send a wire transfer to our account below

Not really - they were booking through Booking.com, essentially a travel agent.

If I book a holiday with car hire, flights, hotel etc through a travel agent I pay a single lump sum to the agent (into their bank account), and they divvy it up between the individual supplying companies (the hotel, the car rental agency, the airline, the tax man etc).

Just because the hotel is in Spain in this instance, doesn't mean the intermediary agent has to have a bank account in that country.

Re: just go to your bank and send a wire transfer to our account below

"...and it doesn't seem strange to buy a holiday in Spain and pay to Poland?"

The problem is that a hotel might be part of a chain or group, and in such cases its the parent company that really takes the money (even if the hotel itself handles the transaction), rather than the hotel itself - so a hotel in one country might be part of a chain owned by a company in a completely different one.

Booking.com don't help matters with their approach: They don't take your money, only your card details, and pass that information on to the hotel so that they have your card details ready in order to process your payment, and they charge the hotel commission which is usually taken (in one lump sum for all bookings in a month) by direct debit from the hotel. This simplifies things greatly for booking.com, since they don't have to process card payments.

It's a clumsy approach because it means when making a booking you aren't just talking directly to a payment processor/gateway; you're trusting two companies with your card details: booking.com, who you hand them over to in the first place, and the hotel - and because payment is therefore not taken straight away (even a partial payment, such as a deposit), the system is ripe for a scam of this sort.

As mentioned in the article, it seems unlikely booking.com are the source of the details here, otherwise there'd be a lot more noise about it - so it's likely to be the hotel, but the question is: is it details of bookings stored at/by the hotel that have been compromised, or is it the hotel's connection (i.e. access details) to their booking.com account? (I'd presume the former, otherwise the card details themselves would have been compromised and the problem would be CC fraud).

Re: Covering all bases..

He has never closely examined factual material to self-determine if he is participating in a con, and thus can state no probability that he is or is not participating in a con. (I got this answer from a book on probability in medical genetics explaining different ways patients can be lacking certainty about their own conditions).

Since we're on hotels, here's a question: Why is there a hotel called the "Four Seasons" in Singapore? Singapore only has, at best, 1.5 seasons.