Thanks to Agoda, I almost got scammed 179.5 CHF !
But thanks to Agoda, I was not scammed in the end either
What happened?
I booked a hotel on Agoda in early January, 2025. Not long after, I received a seemingly innocent message through my Agoda app’s hotel booking. The first message was a short sentence with a [linked removed] line, followed by a long, seemingly computer generated message warning me able the risk of clicking external links on their app. As I was busy with major Lunar New Year festivals, I didn’t immedilately follow up with these messages.
In the subsequent days, I continued to receive instructional messages and Agoda-blocked links from the “hotel operator”. I even asked my wife if she could understand what the “hotel operator” was trying to get us to do, as it doesn’t make sense for us to “fill in some online form for a booking fee that isn’t a deposit, and that we wouldn’t get charged for it”. I was starting to think if this is some real-life online “Squid-Game” test that I need to complete to compete for some murderous prize money.
Finally, after all the mad Lunar New Year rush was done, I reached back to the “hotel operator” about the blocked links, only to get a message that says those messages were not from the hotel operator. It finally made sense that I was receiving messages from a scammer through my Agoda hotel booking. Fortunately, because Agoda was blocking those external links, I couldn’t get scammed through their app, even if I wanted to.
What I inferred from my experience ( which could be wrong )
What I faced feels very similar to what I read about a few months ago in 2024.
In fraud detection 101, we have this concept of either user level detection and activity level detection. The general idea is where we either detect bad actors ( not those in C-grade chick-flick movies ) from entering our ecosystem to execute fraud, or to prevent bad actions from happening within our platforms.
Even when such problems were flagged in early 2024, Agoda seems to still have issues detecting bad actors from entering their ecosystem. And interestingly, the official hotel point of contact on Agoda did not even seem to know the scammers were messaging me through Agoda. Either they do not actively monitor their Agoda messages ( they do not contact hotel guests directly, therefore did not see a need to monitor them ), or Agoda doesn’t inform them of any messages that they were sending out to guests. Fortunately, the hotel operator did respond to my question, although even at that point, they didn’t seem to know what messages were sent before I reached out to them.
What Agoda did well
Without a doubt, by blocking the external links, Agoda prevented me from getting scammed, and I am very grateful for that. Singaporeans may realise that this is also done by another marketplace platform in Singapore, called Carousell, where the platform blocks things like phone numbers and external links to prevent scams from happening. *Disclaimer, I used to work in Carousell.
False positives — Calling non-fraudulent behaviour fraud
The tricky thing about what Agoda did was that non-fraudulent behaviour could also be blocked. For example, if for some reason the hotel operator really wanted to share some relevant information to me, they can only do it through Agoda, and not any other external link.
Bringing this back to our Singapore context, I have heard complains about Carousell blocking the sharing of phone numbers that allow buyers and sellers to communicate directly with each other. In certain situations, this is creating friction for genuine users who are more comfortable chatting on their preferred communication apps. To a large extent, Carousell is sacrificing the user experience of a large non-scammer user base to protect them from a small pool of scammers.
Nonetheless, be it from my professional experience dealing with fraud at Grab, or how Agoda helped save me from some scam, I am somewhat agreeable to what both platforms are trying to do to prevent scams / fraud.
Some suggestions to Agoda
- Get hotels to receive all messages from their message boards with their guests, including their own messages. Hotel account managers will then have better visibility on any dubious activity that is using their accounts to reach out to their guests, and hopefully help prevent any scam attempts on their guests. However, I do understand that this may be passing the load of “fraud moderation” to hotel operators, who may already be very swamped with their existing work.
- Boost their user level authentication process, such as allowing hotel account managers to reset all logins. Agoda may still be in the process of setting such things up, so I can understand that blocking links may be the best short term alternative.
To Agoda hotel guests
As long as scammers have a chance to reach users through Agoda, if these scammers eventually find a gap in Agoda’s action level fraud detection ( maybe emails, phone numbers, something? ), Agoda users may be prone to getting scammed. Be mindful that it is the full-time job of many of these scammers to identify loopholes in these platforms, so them taking one step closer to us through Agoda is boosting their probability of potentially scamming us. The first step if you want to be an Agoda hotel user is to be mindful that scammers can message us directly through the Agoda app, at least for now.
Second, when in doubt, either try to speak to someone from the hotel directly, or speak to someone from Agoda ( they have a dedicated customer support team ). While the blocked links already prevent me from getting scammed, checking in through the app helped me realise this was indeed a scam.
Conclusion
The title of this post is quite click-baity, but I do want Agoda users to be mindful that they could be speaking to scammers on the Agoda app. Agoda did also prevent me from eventually getting scammed, so kudos to Agoda. Even as an ex-fraud data analyst, I did not suspect anything until I was informed by the hotel operator that I wasn't receiving messages from someone else.
The negative impact of such activities on their branding is hard to measure, but definitely there. My previous negative experience with Agoda caused me to write an extremely lengthy article, and it took me about 6 months before I started using them again ( since then, I did become too strong a user of Agoda, so maybe hey, actions speak louder than lengthy essays, and in the end, it doesn’t even matter ? ).
Beyond branding, if these scammers found another loophole through their system, both users and hotels may lose confidence in Agoda and decide to go to other platforms instead ( Although one should also read here to know which travel apps are owned by the same companies, in case you really want to jump ship ).
And if anyone is asking, yes, I kept my booking with Agoda, although I may take up the free cancellation offer if my itinerary changes. And yes, CHF stands for Swiss Francs, and I am planning a trip to Switzerland / Italy with my wife for our European honeymoon this year :)
