
by Mia Taylor
Last updated: 8:00 AM ET, Sat April 18, 2026
For my recent spring break vacation to La Paz, Mexico, I made all the hotel reservations myself online months in advance.
I personally visited each hotel's website and entered my family's name, address, the dates of our intended stay, and my credit card information, as required. After that, I received an email from each property confirming that our reservations were secured.
So I was more than a little surprised when, about 10 days before our vacation was scheduled to begin, I received an email from one of the hotels labeled "Urgent." The email in question informed me that my reservation was, in fact, "not yet secured" and that I had to take one more step by entering my credit card information via the link provided in the email.
Since the email appeared to come from the hotel itself and was even signed by someone with the title 'guest relations representative,' I believed it was legitimate. I clicked on the link and tried to enter my credit card information several times. But for whatever reason (perhaps the universe was watching out for me on this day), the link never worked properly, and I couldn't successfully enter my personal information.
At this point, I reached out to the hotel myself directly, using their phone number and the contact email listed on the property's verified website. And guess what? I was shocked to find out that the "Urgent" email with the payment link was a total scam. Whoever sent it was not affiliated with the hotel in any way.
As a travel writer for two decades, I was a little embarrased to learn that I had fallen prey to a scam. But everything looked very convincing. Meaning this could happen to you, too.
The so-called 'Reservation Hijack Scam' that I was (nearly) the victim of is a very popular technique being used in the travel industry right now. According to Norton Anti-Virus software researchers, the Reservation Hijack Scam is a type of targeted phishing scam that uses "real hotel reservation booking details to make outreach messages feel legitimate and trick travelers into making payments or sharing sensitive information."
This new scam works especially well because it blends into something real: your actual booking.
It's one of many travel scams that are on the rise right now. According to Bolster AI, a company that helps one of the world's leading digital travel marketplaces protect its brand, customers, and revenue from online fraud, impersonation, and abuse, there was a five-fold increase in travel scams during peak summer travel months last year, with a four-fold increase during the height of the summer in July 2025. Company representatives say they are expecting "the same or more this year."
"Today's scams are designed to look and feel like real travel experiences. They don't rely on obvious red flags like bad grammar or sketchy-looking websites anymore," says Bolster AI CEO Rod Schultz.
Scammers today "mimic trusted brands and create full customer journeys across multiple channels. You might see an ad, receive a confirmation email, and even get a follow-up call from 'customer support.' That consistency is what makes them convincing," adds Schultz.
With this unsettling development in mind, I spoke with a handful of online security and technology experts to get their top tips for avoiding travel scams. Here's what they had to say.
How to avoid the 'Reservation Hijack Scam'
Treat booking-related messages with extra care, even when they contain real details.
What makes the Reservation Hijack Scam so effective is that it closely mirrors legitimate booking details, including hotel name, travel dates, and the amount due, says Luis Corrons, a security evangelist with Norton.
"Messages that contain accurate information feel like customer service, not spam. That sense of familiarity is exactly what scammers rely on," explains Corrons. He's spot on. The inclusion of those types details in the email I received from what I thought was my hotel in La Paz, allowed me to believe it was legitimate.
Be suspicious of urgent payment or verification requests
.
Scammers often create a false sense of urgency, pushing travelers to act quickly through fake payment links or spoofed verification pages. These messages typically include tight deadlines to discourage second-guessing, says Corrons.
Verify through official channels, not the message itself
.
When you have any doubt or suspicion about a message or communication you've received, don't click on anything in that message or call any phone numbers that it includes.
Instead, pivot immediately and go directly to the source yourself, such as the hotel, tour operator or airline. Call them or email them directly using the contact information on their official website, which you sourced yourself.
"Check your reservation through the original booking platform, the hotel's official website, or its app. If you need to call, use the contact information from your original confirmation, not the details provided in a suspicious message, says Corrons.
Don't assume a message is safe just because it's part of a trusted thread.
This development is perhaps among the most unsettling. It seems that in some cases documented by Norton researchers, attackers compromised real hotel accounts on platforms like Booking.com and injected fraudulent requests into existing reservation conversations.
Again, here too, if you're unsure, connect directly with the booking website to verify, stresses Corrons.
Time is of the essence if you share payment information
We've all been fooled once or twice. If this includes you, and you shared payment information via a suspicious link or message, the best course of action is to act quickly.
"If you've entered payment details through a suspicious link, contact your bank immediately, cancel your card, and enable transaction alerts," advises Corrons. Stolen information is often reused or sold, so taking swift action can significantly reduce potential damage."

Beware of travel scams. (Photo Credit: Adobe Stock/WrightStudio)
Other popular travel industry scams
Unfortunately for travelers, the Reservation Hijack Scam is merely one of many scams currently being employed by criminals at the moment. Here's a closer look at a few more that are widespread.
Ghost bookings
A 'Ghost Booking' involves fake property listings on legitimate platforms like Airbnb or VRBO. Meaning, you're not even entirely safe when you go to a trusted platform to make a reservation.
"Scammers create listings for properties that don't actually exist, often using real photos and addresses pulled from other listings to appear credible—typically paired with a price that seems too good to be true," Tony Sabaj, a cybersecurity expert and head of channel engineering at Check Point Software Technologies, told TravelPulse.
Here's why these scams are so disturbing. Once a traveler shows interest in the ghost property, "the scammer may request an unusually large deposit or ask for payment outside the platform via wire transfer or a separate billing site," Sabaj says. Because the listing is fake, the so-called "owner" disappears as soon as the payment is made. But by that point, you've already wired a large sum of money.
To avoid this, never pay outside an official booking platform, and be cautious of deals that seem unusually low or too good to be true.
"Travelers should also 'reverse image search' listing photos to check if they've been used elsewhere and verify the property address on Google Maps Street View," adds Sabaj. "Reviewing the host's history and ratings is also critical—minimal, generic, or brand-new profiles are a major red flag."
Fake Wi-Fi networks in airports and hotels
Another common scam travelers run into, and one that's especially easy to fall victim to, involves inadvertently connecting to fake or unsecured Wi-Fi networks in airports, hotels, or public spaces.
"These networks often look legitimate but can expose personal data, login credentials, and even financial information," explains Andre Ribeiro, a travel connectivity specialist and founder of Andre On Digital, an eSim marketplace.
"Travelers tend to connect quickly without verifying the network, especially when they need urgent access. A simple way to avoid this is to use mobile data or trusted networks whenever possible, and double-check official network names before connecting," adds Ribeiro.
Social media ads promoting outrageous deals
Scammers frequently use paid social ads to promote heavily discounted flights, hotels, or vacation packages. These ads often look identical to legitimate offers from well-known brands. The catch is in the link or contact information, which routes you to a fraudulent site or call center.
"If a deal feels unusually generous, don't engage directly with the ad," advises Schultz. "Instead, go to the company's official website or contact them using a verified phone number to confirm the offer."
Bottom line, says Schultz: Trust nothing. Verify everything. If it feels too good to be true, it probably is.
Why travel scams are on the rise
Brian Cute, interim CEO of the nonprofit organization The Global Cyber Alliance, which regularly tracks cybersecurity, fraud and scams, says there's been a notable shift in where travel scams originate these days.
"They do not only happen at your destination," explains Cute. "Many start before you ever leave home, often during the booking process."
This includes fake travel websites, cloned listings, and deals that seem too good to pass up, all of which can lead to problems long before your trip begins.
These types of travel scams are becoming more common for a few reasons. To begin with, online booking platforms and third-party listings have made it easier to compare options. But they have also made it easier for bad actors to insert fake listings into the mix, says Cute. A scammer can copy a legitimate hotel or rental listing, change contact details, and present it as their own.
At the same time, travelers rely heavily on mobile devices while on the go. This often means connecting to public Wi-Fi, quickly checking emails, or responding to messages without taking a closer look. "That combination of convenience and distraction creates an opening for scams," Cute says.
Finally, scammers also rely on urgency. "Messages that warn of limited availability or last minute changes are designed to push quick decisions," he says. And guess what: the rise of AI has made it easier to create emails, websites, and even customer support interactions that feel legitimate.
The good news, however, is that small precautions can prevent major disruptions. "With a bit of awareness and a few smart habits, you can protect your plans and focus on the experience ahead," says Cute.
For the latest travel news, updates and deals, subscribe to the daily TravelPulse newsletter.
Topics From This Article to Explore