I'd booked a hotel for this weekend. Hadn't paid anything so knew I needed to pay on the day.
About 2 hours before I was due to arrive I got an email asking me to verify my card for payment. It was written as if from the hotel but the email was from an address called booking.com, it was well written and correctly spelt. All the formatting and branding looked good.
My initial thought was they'd streamlined the payment process and it would save time on checking to pay online, but just in case I checked the app too and the same message was there.
I went to pay and noticed that whilst the figure was right, it was asking for Euro not £ (for a hotel in UK). So I called the hotel, thinking there was an error, to be told they'd had dozen of these calls and it was all a scam.
I can usually sniff these out, but they're getting better!
Apparently several guests had fallen for it and Booking.com were going to reimburse, as it must all have originated from a data breach at their end.