Fake hotel booking payment scam targeting travelers

Cybercriminals are exploiting hotel booking workflows to scam travelers with fake payment requests, turning legitimate reservations into attack vectors. Researchers from Gen Digital have identified this campaign, called the Reservation Hijack Scam, where attackers send messages via WhatsApp, SMS, email, or booking platforms that appear to come from hotel staff and include real booking details to gain trust.

Fake hotel booking payment scam targeting travelersFake hotel booking payment scam targeting travelers

In more advanced cases, attackers compromise hotel management systems like Cloudbeds by stealing employee credentials. This allows them to access real reservation data and communicate directly with guests through legitimate channels. Victims receive fake payment links or PDFs that mimic official hotel communications, leading them to phishing sites designed to steal card and banking information.

Fake hotel booking payment scam targeting travelersFake hotel booking payment scam targeting travelers

Security experts warn travelers to avoid clicking payment links from messages and instead verify directly through official hotel websites or booking platforms. Hotels are urged to strengthen security with multi-factor authentication, stricter access controls, and monitoring of communication systems to prevent such attacks and protect guest data.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net