Scammers targeting hotel chains are putting the data of Eurovision fans who have booked rooms for the song contest in Liverpool in May at risk.
Booking.com confirmed to BBC News that “some accommodation partners were targeted by phishing emails,” but denied any data security breach.
Customers are advised to speak directly to their hotels if they have concerns.
The travel company said “a number of accounts” had been affected by cyber attacks which were “quickly locked”.
It claimed some businesses had “accidentally compromised their own internal systems by clicking on links contained in these messages”.
Liverpool tickets are sold out due to high demand.
BBC News has been unable to verify how scammers got customers data. However, a number of Eurovision fans contacted the BBC’s Eurovisioncast podcast, detailing their experiences almost falling for scams relating to Eurovision accommodation booked in May.
Booking.com said it had “actively been supporting our partners, as well as any potentially impacted customers” and continued “to make security and data protection a top priority”.
During the competition, Marc Deruelle booked a flat for himself and three friends in Liverpool “for a pretty decent price” through the travel site.
In early February, he received a WhatsApp message from someone claiming to be a receptionist, first asking if he needed parking and then claiming there was a problem with his payment, with a similar issue appearing on his booking.com account.
“I assumed this had to be OK,” he tells BBC News. “I received a text message from my bank and a phone call from them, and they said someone was attempting to defraud me of my money.”
A total of £800 was set to be transferred to Uganda, but the transaction was cancelled.
The UK government will contribute £10 million to Eurovision.
Everything you need to know about this year’s song contest
“I felt really stupid because I’ve never been close to being scammed,” he says. “It just took the fun out of it, and I don’t want to go any longer because they’ll know all my details and that I’m away from home, so I cancelled.”
Marc phoned his accommodation supplier, which told him it had heard similar stories, which the BBC has been able to confirm.
If customers have concerns, UKHospitality, which represents over 700 companies, advises them to deal directly with hotels rather than third-party booking platforms.
einsteineruploaded with. “For the first time, you’ve got a lot of young people in particular who wouldn’t normally book and travel to these events, and [scammers] are taking advantage of those who are vulnerable.”
Such phishing scams are thought to be more widespread than Eurovision and the city of Liverpool.
Booking.com confirmed that no legitimate transaction would ever necessitate a customer providing credit card information over the phone, text message, or email.