Picture this: you’ve booked your summer holiday, confirmation saved, flights sorted, bags packed. You’re ready and raring to go.
Then a message lands, supposedly from your hotel, referencing your exact booking – and asking you to quickly verify payment details before arrival.
It doesn’t feel like a scam – and that’s exactly the problem.
The fast-growing new fraud trend has been dubbed the ‘reservation hijack scam’.
Attackers use real booking details to impersonate hotels and trick travellers into handing over payment information.
The term has been coined by researchers from Norton, who are warning of the increasingly widespread trend.
And with peak travel season approaching, this scam is already surging across the UK.
It represents a shift from generic phishing to far more convincing attacks built on real data.
Scams can quickly ruin a holiday – and the latest type even uses your real details
The ‘reservation hijack scams’ can target you via text, using details from your actual booking
Travellers aren’t being caught out by bad spelling or dodgy links, they’re being caught out because the message looks exactly like something they’d expect before a trip.
These attacks are often timed around upcoming trips, making them feel urgent and relevant.
In many cases, the scam unfolds within trusted environments such as booking platforms, hotel messaging systems, or even WhatsApp, which makes it significantly harder for consumers to spot.
There are two primary ways attackers are carrying this out.
The first is impersonation, where scammers pose as hotels or booking providers using highly convincing messages, branding, and context.
The second, more sophisticated route is account takeover, where attackers gain access to legitimate hotel or partner systems.
This allows them to contact guests through real booking platforms using genuine reservation details, making the communication appear completely authentic.
What makes this scam particularly effective is that it removes many of the warning signs people have been trained to look for.
Alternatively, the hack can take place via websites such as Booking.com
Messages often reference real bookings, including hotel names, dates, and locations, and are delivered via trusted platforms rather than random emails.
As a result, even cautious consumers can be caught off guard, especially when the message creates urgency around payments or booking issues.
Luis Corrons, Norton Security Evangelist and the researcher behind this trend, has explained how the scam works and why it’s so effective – as well as what travellers should look out for this summer, and what hotels and booking platforms need to do to avoid becoming part of the fraud chain.
Luis told the Daily Mail: ‘For years, the best advice on travel scams was simple, watch for bad grammar, generic messages, and suspicious links. That advice still matters, but it’s no longer enough.
‘What we’re seeing with the reservation hijack scam is a clear evolution in how attackers operate and there two main routes they are adopting. The first is impersonation.
‘The second, more sophisticated route is account takeover, where attackers gain access to real hotel systems and contact guests through legitimate booking platforms using genuine reservation details. At that point, the scam is truly embedded in a real customer journey which makes it tricky to identity.
‘For consumers, the key is simple – trust your booking, not the message. Even if a message references your real booking, any request to confirm or re-enter payment details should raise a red flag, particularly if there’s pressure to act quickly.
‘The safest approach is to step outside the conversation and verify independently, either by logging into the official website or contacting the hotel using trusted details. Taking that extra moment to check can prevent what feels like a routine travel update from turning into a costly scam.’
