A number of hotels in Europe have fallen victim to an email scam which captures commissions paid to Booking.com.
The email scammers use a tried a tested method of creating a branded page to lure the recipients to send their monthly fees to the Priceline-owned Booking.com.
Booking.com says the "incidences appear to be limited", but Tnooz has learned the scam has been in operation for at least ten days and representatives of the company are saying privately to hoteliers that it could have impacted a large number of properties.
One instance saw a hotelier make of payment of ten of thousands of Euros to a fake bank account.
The email is similar to existing correspondence sent to hotel customers by Booking.com, in terms of look and feel, although the sender email address is altered slightly (invoice@booking-ltd.com)- a trademark sign that the message could have come from an unofficial source.
It begins by saying there is a malfunction on the automatic payment system used by hotels to pay their commission and therefore hoteliers will have to wire the money manually.
Hotels would find their services with Booking.com "interrupted" if they do not make the payment, it warns.
The first properties to receive the email did so just days before the usual payment date of the 15th of each month.
Transfer details for a bank in the UK are then included and a reassurance that the automatic system will be working normally in time for the next payment date.
Booking.com was made aware of the problem early last week, when a hotel which had made the payment then became suspicious.
It has since emerged that an earlier email used a Polish bank for the transfer, but this later switched to the version using the UK details.
Hotels are conceding that they should give such emails more thorough scrutiny, but say often an email is received by a front desk and then simply forwarded to an invoicing or payment department.
Booking.com says it considers any so-called phishing scam which affects it hotel partners a "criminal activity".
"Special security measures" have been put in place to combat such scam emails and protect the interests of its partners, an official says.
In a lengthy statement, Booking.com adds:
"As soon as we became aware of potential phishing scams that could impact our partners, we immediately acted and requested our security partner launch a "take down" of the phishing websites and malicious email addresses to mitigate and minimize the risks.
"A dedicated security team is working with our Hotels Department and Customer Relations teams to detect attacks and contact and support accommodation partners who may have been affected.
"We will work with all banks to attempt to freeze the fraudulent bank accounts where possible.
"We are communicating with law enforcement, and we continue to support the authorities with their investigations.
"We advise all partners to contact us immediately if they suspect Booking.com is being referenced in a phishing email they receive."
Some property owners are hoping the multi-billion dollar revenue Priceline will help those that were affected by the scam.
Booking.com did not answer the question directly when it was asked by Tnooz this week if hotels would receive some financial assistance.
"Customers are always our top priority and we will work with partners who have been affected by this scam to ensure we continue to meet the high levels of service and expectation we set for ourselves, and to do so is to ensure that any impact on hotel partners and travellers is minimized as much as possible.
"We always work directly with our partners to make sure that a suitable solution is found for the customer."
Hotels have also questioned why Booking.com did not notify its hotel partners that a new scam was running in Europe, given that it was aware of the recent activity as early as last week.
The official says:
"As far as we are aware, the phishing incidences appear to be limited, so our support team is working with partners on a case by case basis."
It is not the first time Booking.com has found itself subject of a scam. In November last year, some 10,000 consumers were said to be affected by a phishing attack to obtain customer details.
The latest scheme mirrors a widespread email scam involving IATA in May 2013 - again, using knowledge of how industry payments and services are carried out to target members.
NB:Email scam image via Shutterstock.