CoinGecko CEO Bobby Ong has issued an urgent warning about a sophisticated fraudulent email campaign impersonating Booking.com to promote a non-existent "Exclusive Crypto Travel Summit" in Dubai.
The incident, made public by Ong on social media on 27 October 2025, is part of a growing pattern of scams targeting cryptocurrency users.
The Phishing Email Details
The bogus email announced an "Exclusive Crypto Travel Summit" scheduled for November 2025 in Dubai. It falsely claimed that Booking.com and Coinbase had entered into a strategic partnership to launch new cryptocurrency-based travel services.
IMPORTANT NOTICE (PSA): A new phishing attempt is underway that uses Booking.com's systems to send fake conference invitations. If you receive such emails, the best thing to do is simply delete them. @Booking.com, take note and please escalate to your security team to block these individuals from abusing your systems.
To lend credibility to the fraud, the invitation mentioned prominent names in the crypto community, including Ethereum co-founder, Vitalik Buterin, and Coinbase CEO, Brian Armstrong, as keynote speakers.
A crucial detail that revealed its misleading nature was the confirmation deadline (RSVP) set for 30 September 2025, a date that had already passed by the time of posting. Ong urged recipients to delete such messages immediately, and asked Booking.com to mobilise its security team.
Booking.com's Response and Security Advice
Booking.com promptly responded via its official account, confirming the fraud and announcing the launch of an investigation.
The company stressed that it does not communicate or offer customer support or recruitment via messaging apps such as Telegram or WhatsApp.
The company strongly advised users not to provide personal information, make payments or click on links in suspicious messages. It also suggested reporting such incidents to local authorities and contacting official customer service only for legitimate matters, providing confirmation codes and booking details.
This impersonation attempt is part of a broader pattern of fraud in the industry. In September 2025, even Binance had issued alerts about fake listing agents and phone scams in which impersonators pretended to be support operators, guiding users to change API settings to facilitate the theft of funds.
Ong reiterated that, given the adversarial nature of the crypto sector, users should carefully verify all communications, checking sender domains and avoiding unsolicited links. Security experts recommend always contacting platforms directly through official channels in case of unusual requests.
