More news on this day
New alerts from regulators, cybersecurity teams and major travel brands are warning that booking scams are rising in scale and sophistication this year, exploiting real reservation data, messaging apps and off-platform payments to trick travelers out of their holiday savings.
Get the latest news straight to your inbox!

Fresh alerts point to surge in travel and rental fraud
Recent advisories from consumer protection agencies and cybersecurity centers indicate that travel-related scams are intensifying as the 2026 peak season gets underway. Guidance from the United States Federal Trade Commission highlights that losses linked to imposter and rental scams have surged in the last two years, with rental fraud alone accounting for tens of millions of dollars in reported losses in the latest 12‑month data window.
Across the Atlantic and in Asia-Pacific, similar warnings are emerging. Publicly available information from Europol on cyber-safe holidays emphasizes that fake listings, cloned booking sites and bogus offers remain a persistent problem for travelers booking accommodation and transport online. In late June, the Hong Kong Computer Emergency Response Team Coordination Centre urged summer travelers to be cautious of phishing messages that mimic well-known hotel and booking platforms and attempt to harvest credentials and payment details.
At the global level, an assessment published by Interpol this year describes online fraud, including travel-related schemes, as part of a broader financial crime ecosystem that is becoming more organized and technologically advanced. The report notes that artificial intelligence tools are being used to craft more convincing messages, fabricated listings and deepfake identities designed to bypass traditional consumer skepticism.
Industry analysts say the cumulative effect is that scammers now operate within the same digital spaces travelers trust most, exploiting platforms, apps and communication tools that people associate with legitimate bookings rather than obviously fake websites or unsolicited emails.
Real booking data exploited in phishing campaigns
One of the most concerning developments highlighted in recent coverage involves fraudsters gaining access to real reservation data from hotels and online travel agencies and then using that information to contact guests. Reports focusing on major global platforms describe campaigns in which criminals obtain booking details through breaches or successful phishing attacks on hotel staff, then pose as the property or the platform to demand advance payments or “verification” of card information.
Technology security analysis published this spring details how attackers have targeted hotel employees with convincing phishing emails that imitate booking portals. Once malware is installed on back-office systems, criminals can view live guest reservations, arrival dates and contact information. That allows them to send personalized messages through email, text or messaging apps that reference genuine bookings, making the fraudulent payment requests appear authentic.
News coverage in markets such as Australia has documented travelers receiving messages on WhatsApp that appeared to come from their booked hotel shortly after they made a reservation on a mainstream platform. The messages included correct names, dates and room categories, but linked to external payment pages or requested bank transfers that were not required under the original booking conditions. In multiple reported cases, victims only discovered the fraud when they arrived to find the hotel had never received payment.
Security specialists note that this approach represents a shift from earlier scams that relied on generic spam. With real booking metadata in hand, criminals can tailor their outreach to specific journeys, increasing both the credibility of their story and the pressure on travelers to respond quickly to avoid supposed cancellations.
Messaging apps and off-platform payments under scrutiny
Investigations by consumer groups and regional cyber response teams show that messaging apps are now central to many booking fraud scenarios. Travelers commonly report being contacted through apps such as WhatsApp, Telegram or similar services by accounts that appear to represent hotels, hosts or customer support agents. These messages often encourage recipients to click shortened links, share one-time passcodes or move payments to bank transfers and digital wallets outside the original booking system.
The Hong Kong Computer Emergency Response Team has specifically warned about phishing campaigns that impersonate Booking.com and hotel confirmation messages, often containing shortened links that redirect to lookalike payment pages. Once travelers enter card numbers or login credentials on those pages, scammers can drain accounts or reuse the details to open new lines of credit or book goods and services elsewhere.
Consumer advisories from organizations such as the Better Business Bureau in North America similarly highlight a pattern where guests begin a legitimate search on respected platforms but are then nudged to “save fees” by paying directly via a host’s own website, bank transfer or peer-to-peer payment app. Publicly shared case histories describe travelers who wired large deposits for vacation homes after initial contact on a reputable platform, only to find the property either did not exist or had never been available for rent.
Cybercrime researchers also point out that the blending of personal chat with commercial transactions makes it harder for travelers to maintain cautious habits. When the same app hosts family conversations, airline notifications and supposed “urgent” messages from hotels, it becomes easier for a well-crafted fraudulent message to slip through a traveler’s normal defenses.
Platforms highlight security tools as scams adapt
Major booking and home-sharing platforms are responding by emphasizing their in-house security systems and warning users to keep communication and payments within official channels. Recent updates and press materials from Airbnb stress identity verification, automated fraud detection and in-app prompts that warn users when someone attempts to move a conversation or transaction off the platform. The company has also reported on efforts to block risky bookings around holiday weekends and to remove fake or misleading listings.
Research cited in Airbnb’s consumer education campaigns suggests a significant share of adults in the United States have encountered some form of online scam, with average reported losses in the thousands of dollars. Against that backdrop, the platform has partnered with financial crime investigators in the United States to circulate guidance on recognizing fraudulent outreach and to remind users that unexpected links or payment requests outside the app are red flags.
Traditional travel intermediaries are also adapting. Coverage from national broadcasters in markets heavily affected by booking fraud notes that some travelers are turning back to established travel agencies for complex trips, citing the reassurance of dealing with a known bricks-and-mortar business. While online platforms remain dominant, industry watchers say this shift underscores a wider desire for human verification at a time of rising digital risk.
Security briefings from Europol and other regional agencies encourage platforms and accommodation providers to strengthen staff training, tighten access to booking systems and monitor for unusual login activity that might indicate credential theft. Analysts argue that better defenses at the supplier and platform level are critical, because many of the most convincing scams begin with the compromise of a hotel inbox or property management account rather than a direct attack on travelers.
Practical red flags for travelers ahead of peak season
Amid the wave of warnings, consumer advocates are focusing on practical steps travelers can take. Guidance from the FTC and European law enforcement bodies advises booking through recognized channels, cross-checking properties across multiple reputable sites and using credit cards, which generally offer more robust chargeback protections than bank transfers or cash-like apps.
Prevention guides circulated by Europol recommend treating exceptionally low prices or “too good to be true” package offers with skepticism, especially when they are tied to tight deadlines or aggressive pressure to pay immediately. Travelers are also urged to verify that properties appear on digital maps and to compare photos and descriptions across several booking services to weed out listings that have been copied from legitimate rentals without the owner’s consent.
Cybersecurity centers stress that travelers should treat any unsolicited request to “reconfirm” payment details, provide card numbers over messaging apps or pay outside the original platform as a likely scam, even if the message includes accurate booking information. Instead of clicking embedded links, experts recommend logging directly into official apps or websites, or contacting the hotel or platform via verified customer service channels to check whether any action is really required.
With summer travel ramping up and large global events on the horizon, analysts expect criminals to keep refining their tactics. For now, publicly available evidence suggests that a combination of platform-level protections and individual vigilance offers the best defense against increasingly convincing booking scams that blur the line between legitimate travel planning and financial crime.