New Hotel Reservation Scam Targets Travelers: How to Protect Yourself

New Hotel Reservation Scam Targets Travelers: How to Protect Yourself

June 25, 2026 discoverhiddenusacom Business

A new lodging reservation scam is targeting travelers by using breached data to send phishing emails containing exact confirmation numbers and travel dates. According to Eva Velasquez, CEO of the Identity Theft Resource Center (ITRC), these attacks stem from data breaches of reservation systems at hotels and rental properties across the United States.

The scam begins with an email that appears to come from a hotel or rental property. This message includes the traveler’s specific reservation details and a link to confirm information. Once clicked, the link opens a form requesting a name, email, phone number, date of birth, and payment amount.

Kara Kenney of Indiana’s I-Team reported receiving such an email. Had the process continued, a subsequent page would have requested credit card information. The rental property later confirmed to Kenney that they did not send the communication.

Did You Know? 81 percent of small businesses have suffered a cyberattack.

Why is this reservation scam so convincing?

The effectiveness of this phishing attempt relies on the accuracy of the data used. Velasquez stated that the scams look legitimate because bad actors have infiltrated reservation systems to gather valid, specific information about individual trips.

Why is this reservation scam so convincing?

Velasquez noted that reservation systems are separate from financial data systems. Scammers use this gap to target the additional financial information, such as credit card numbers, that they do not already possess.

Expert Insight: Samantha Carter notes that the shift toward “spear-phishing” represents a significant escalation in risk. By automating the delivery of highly personalized data, attackers can target specific individuals at a scale and speed that makes traditional “gut-feeling” detection unreliable.

How are cyberattacks evolving for travelers?

Abhishek Karnik, Head of Threat Research and Response at McAfee, described the current threat landscape as “incomprehensible.” He stated that scams are no longer generic but are instead “spear-fished,” meaning they target specific individuals in an extremely automated manner.

How are cyberattacks evolving for travelers?

McAfee conducted a scan of screenshots provided by Indiana’s I-Team, which confirmed the linked website was a scam and appeared on a list of known threats. Karnik advised that users can no longer rely on intuition to spot these targeted attacks.

How can travelers protect their information?

The most effective protection is to stop before clicking any links and contact the lodging property directly. AARP suggests using WhoIs.com to verify domain ownership; for example, a site for a major brand like Hyatt or Hertz based in Nigeria is a red flag.

Kara Kenney, Investigative Reporter for WRTV-Indianapolis

The Georgia Attorney General’s Consumer Protection Division states that reputable travel agents typically confirm reservations before requesting payment. Travelers should avoid using search terms like “cheap rental cars,” as these can lead to bogus companies that pay for top ad placements.

The FTC recommends verifying vacation rental ownership through tax assessor websites. If the person renting the property is not the listed owner, it may be a scam. The FTC also warns against paying via gift cards, wire transfers, or cryptocurrency, as these funds are nearly impossible to recover.

Additional safety measures include using a virtual private network (VPN) or smartphone hotspot instead of public Wi-Fi. For international travel, the U.S. State Department Bureau of Consular Affairs is the only recommended source for visa procedures to avoid third-party identity theft scams.

What may happen next for travel security?

Cybersecurity firms may likely increase the deployment of automated scam detection tools as spear-phishing becomes more common. Travelers could see a rise in the use of third-party verification services to confirm property ownership before payment.

What may happen next for travel security?

Industry analysts may expect more lodging providers to integrate their reservation and financial systems into more secure, unified architectures to prevent the type of infiltration described by the ITRC.

Frequently Asked Questions

How do scammers get my exact reservation number?
According to Eva Velasquez of the ITRC, scammers are compromising reservation systems at hotels and rental properties through data breaches.

Which payment methods should I avoid when booking travel?
The FTC and other experts warn against using gift cards, wire transfers, cryptocurrency, Zelle, and Venmo, as these lack the fraud protections offered by credit cards.

What should I do if I clicked a suspicious link?
You can run a security scan on your device to check for viruses or malware.

Have you ever received a travel confirmation email that seemed slightly off?