Phishing scam exploits Booking.com branding to target crypto users

Thursday 30 October 2025 - 10:20

By: Dakir Madiha

Phishing scam exploits Booking.com branding to target crypto users

A sophisticated phishing scam is targeting cryptocurrency enthusiasts by impersonating trusted brands like Booking.com to promote a fake Dubai crypto summit. Fraudsters are preying on users’ trust and fear of missing out to steal personal data and digital assets.

Fake summit promises exclusive access to top crypto leaders

CoinGecko CEO Bobby Ong took to X (formerly Twitter) to alert the crypto community about phishing emails that falsely claim to announce an "Exclusive Crypto Travel Summit" co-hosted by Booking.com and Coinbase. The emails, crafted to appear official, feature prominent figures such as Vitalik Buterin, co-founder of Ethereum, and Brian Armstrong, CEO of Coinbase, as keynote speakers.

The scam invites recipients to RSVP for the Dubai-based summit, allegedly scheduled for November 2025. However, the email includes a misleading RSVP deadline that has already passed, creating a sense of urgency to prompt hasty decisions. Screenshots shared by Ong reveal a mix of travel and cryptocurrency themes designed to lure victims into clicking malicious links.

Booking.com responds as phishing scams surge

In response to Ong’s post, Booking.com acknowledged ongoing reports of fake emails and requested further details to investigate the matter. While the company did not directly confirm the scam, it reiterated that users should only engage with official Booking.com communication channels.

The company’s security guidelines warn against phishing attempts that direct users to fake websites mimicking Booking.com’s Extranet log-in page. Customers are advised to carefully verify URLs and report suspicious activity within 24 hours.

Booking.com has previously reported a 900% rise in phishing attacks against its users, highlighting how fraudsters exploit the platform’s reputation to deceive victims. These scams often replicate legitimate booking confirmations or event promotions to redirect users to fraudulent sites designed to steal credentials or digital tokens.

Crypto scams grow more sophisticated

The fake summit is part of a broader trend in which scammers exploit the intersection of cryptocurrency and travel, both sectors involving online transactions and global clientele. Security researchers note that such scams rely on psychological tactics, including urgency, exclusivity, and prestige, to manipulate recipients into acting quickly.

Blockchain analytics firm Elliptic points to the increasing "industrialization" of scam operations, which now leverage advanced digital marketing techniques and social engineering to deceive users. The fake summit’s promise of A-list speakers and exclusive partnerships highlights how scammers blend credibility with enticing offers to maximize their reach.

Rising threats across the crypto sector

This incident is not isolated. In September, Binance reported thwarting fraudsters posing as listing agents and customer care representatives. Binance CEO Richard Teng highlighted a new wave of phone scams, where fraudsters convince users to change API keys, leading to stolen funds.

Ong and other security experts emphasize the importance of vigilance in the cryptocurrency space. Users are urged to verify sender addresses, avoid clicking on unverified links, and only communicate with trusted platforms directly. As phishing scams become increasingly sophisticated, robust security practices remain the best defense.