A Booking.com phishing email promising a CA$500 travel credit and using the subject line “(1) Pending.” was reported to CyberGuy. The message pressured recipients with a deadline and a blue “Redeem Now” button. Investigators say multiple details in the message raise red flags that indicate it could be a travel credit scam.
Do not click links in the message. Verify any reward directly in the Booking.com app or by typing booking.com into your browser.
Quick alert and key facts
What to know immediately: the reported Booking.com phishing email claims a CA$500 travel credit, used the subject line “(1) Pending.”, and set a deadline of June 23, 2026 at 11:59 p.m. The message included the recipient’s real name in multiple spots and a blue “Redeem Now” button that could point to a fake sign-in page.
What the email says and why it looks wrong
- The message claims you are eligible for a CA$500 Booking.com travel credit tied to a “Spring Genius Loyalty Event.”
- The subject line reads “(1) Pending.”, a vague prompt designed to increase opens and clicks.
- The email used the recipient’s real name in three places to appear personal and authoritative.
- The body shows “March 2026” while the message was actually sent on June 23, 2026 — a date mismatch that suggests a reused or sloppy template.
- A strict deadline — June 23, 2026 at 11:59 p.m. — was included to push quick action.
- A prominent blue “Redeem Now” button pushed readers to act instead of checking their official account; that link could lead to a fake sign-in page.
How to spot a Booking.com phishing email
Before interacting, check these indicators. The display name may resemble Booking.com while the sender address does not — a common sign of display-name spoofing. Links can mask their real destinations, and messages that landed in junk folders deserve extra scrutiny.
- Open the full sender details and verify the actual email address; do not trust the display name alone.
- If the message landed in your junk or spam folder, treat it with extra caution; spam filters often flag suspicious patterns.
- Hover over (or long-press on mobile) links to preview the URL. If the link does not point to booking.com or another official Booking.com domain, it may lead to a fake login page.
- Be suspicious of requests to sign in or enter payment details via an emailed link instead of checking your official account via the app or by typing booking.com into your browser.
What Booking.com said and limits of verification
CyberGuy reached out to Booking.com about the message. Booking.com provided general safety guidance and emphasized that it uses teams and machine learning tooling to monitor and block suspicious activity. The company said in part: “At Booking.com, the security and data protection of our partners and travelers is a top priority. We have dedicated teams and employ machine learning tooling to monitor, detect and block suspicious activity around the clock and continuously work to enhance the robust security measures we have in place.”
Booking.com did not specifically verify this particular email for reporters; the company’s comments were general safety guidance. For Booking.com’s official advice on spotting scams and protecting accounts, see their safety information at booking.com security guidance and visit the Booking.com Help Center at https://www.booking.com/help/.
Action steps to protect your account
If you receive this or a similar message, follow these ordered, practical steps now:
- Do not click the email’s links or buttons. Open the Booking.com app or type https://www.booking.com/ into your browser to check for any real credits or notifications.
- If you already clicked a link, stop and do not enter passwords or payment details. Immediately change your Booking.com password using the official site and review recent bookings and wallet activity.
- Enable two-factor authentication (2FA) or passkeys on your Booking.com account, email account, and any linked payment services to add a second layer of protection.
- Use a password manager to prevent autofilling credentials on impostor sites and to help you recognize real domains.
- Mark the message as junk or phishing in your email app and delete it. Report suspicious Booking.com-related emails using the Booking.com Help Center: https://www.booking.com/help/.
- Check bank and card statements for unexpected charges if you interacted with the message; contact your card issuer to dispute unauthorized transactions.
Why this matters
Offers like a CA$500 travel credit are tempting and plausible, making travelers prime targets. Scammers often use familiar program names and personalization — including real names — to lower victims’ guard. These tactics can lead to stolen logins, payment theft or account takeover, so quick verification and defensive steps are essential.
Source attribution and next steps
This report is based on a Fox News article about a suspicious message received and reviewed by CyberGuy. CyberGuy reached out to Booking.com; the company responded with general safety guidance but did not specifically verify this email. The message was sent to the reporter on June 23, 2026. Read the original Fox News report for additional details: https://www.foxnews.com/tech/fake-booking-com-travel-credit-scam-targets-travelers.
For official steps and reporting resources, consult Booking.com’s security guidance at https://www.booking.com/content/security.html and the Help Center at https://www.booking.com/help/. Monitor official company channels for updates and treat the reported message as suspicious rather than a confirmed, verified fraud event.
Frequently asked questions
How can I tell if a Booking.com email is fake?
Check the full sender address (not just the display name), watch for mismatched dates or sloppy wording, avoid messages that demand immediate action, and verify rewards inside the Booking.com app or by typing booking.com into your browser.
Should I click the Redeem Now button if I get this message?
No. Don’t click. Open the official Booking.com app or type the site URL into your browser to confirm any credits or offers safely.
What steps should I take if I clicked a suspicious link?
Immediately change your Booking.com password via the official site, enable 2FA if you haven’t already, review payment and booking activity, contact your bank for unauthorized charges, and report the email through the Booking.com Help Center.
Source: Fox News; CyberGuy outreach to Booking.com; Booking.com safety guidance.