Reservation Hijack scams: the travel scam that looks like your real hotel booking
You’re so excited for your trip. You book a hotel. Everything looks normal.
Then a message comes in that seems routine, like a standard follow-up message from guest services. It references your trip, including the hotel name, your travel dates, and payment details.
It looks normal, but it’s not.
This is part of a growing scam trend Norton researchers have named the Reservation Hijack scam, and it works so well because it blends into something real: your actual booking.
What is a Reservation Hijack scam?
Reservation Hijack scams are types of targeted phishing scams that use real hotel reservation booking details to make outreach messages feel legitimate and trick travelers into making payments or sharing sensitive information.
In some cases, scammers may even gain access to hotel systems or booking platforms like Booking.com, allowing them to contact guests through channels that are normally considered trustworthy. That means the message you receive might not only look real but may also come through a platform you already trust, making the scam significantly harder to detect.
That’s what makes this scam so effective. It doesn’t ask you to trust an unfamiliar-looking message. It asks you to trust a message that already looks and feels very familiar.
What Norton researchers uncovered
Norton researchers have observed an increase in the scams that exploit real booking data and trusted travel platforms.
Key findings include:
- Scammers are increasingly targeting travelers with active reservations, not random users.
- Messages are delivered through trusted channels, including booking platforms and official-looking emails.
- Attacks frequently involve urgent payment requests tied to legitimate bookings.
- The use of real reservation details makes these scams significantly more effective than traditional phishing scams.
How scammers get access to your reservation details
One of the most unsettling parts of this scam is how much attackers seem to know. In some cases, scammers gain access by:
- Compromising hotel or partner accounts through phishing or weak passwords
- Exploiting third-party vendors connected to booking systems
- Accessing platform messaging tools to impersonate legitimate properties
How the scam unfolds
A Reservation Hijack scam often starts with a message related to a travel booking you recently made. It could arrive via email, SMS, WhatsApp, or even through a booking platform’s messaging system. Because it references real details, it doesn’t immediately raise suspicion.
The message typically introduces a problem, such as an issue with your payment or a need to verify your reservation. There’s often a sense of urgency, suggesting that your booking could be canceled if you don’t act quickly.
From there, you’re directed to a payment page that appears legitimate but is actually designed to capture your financial or personal information. By the time you reach this step, the context feels so real that many people don’t think to question it.
Why this scam is so convincing
What sets this scam apart is how personal it feels. Instead of guessing, attackers may already know where you’re traveling, which hotel you booked, and how long you’re staying.
That context creates a powerful sense of trust. The message doesn’t feel random or out of place. It feels like part of your typical travel experience.
And that’s exactly the point.
Scammers are no longer just trying to trick you with poorly written emails. They’re using real information and real moments in your life to make their requests feel completely reasonable.
What scammers can do with your information
Falling for a Reservation Hijack scam can lead to more than just a single fraudulent charge.
Depending on what information is shared, scammers may make unauthorized purchases using your payment details, steal personal information for identity theft, attempt additional scams using your data, or disrupt your travel plans if your booking is affected.
The impact can extend beyond your trip, especially if sensitive information is compromised.
How to stay safe while booking hotels
The most important principle to remember is this: trust your booking, not the message.
If you’re ever asked to take action on your reservation, slow down and verify the message independently. A few simple steps can help protect you:
How to avoid a Reservation Hijack scam
- Don’t click payment links in messages
Pause and verify the legitimacy of the message, even if it looks like it’s from your hotel or booking platform. - Go directly to the source
Log into your booking site or contact the hotel using official contact channels. - Be cautious of urgency
Don’t feel pressured to act quickly, as such pressure is a big red flag. - Verify before you act
If something feels off, confirm through a separate, trusted channel.
These small steps can help you avoid turning a real booking into a material loss.
What to do if you think you’ve been targeted
If you believe you may have interacted with a scam message, act quickly:
- Contact your bank or credit card provider immediately.
- Monitor your accounts for unauthorized activity.
- Change the passwords on your booking and email accounts.
- Report the incident to the booking platform and relevant authorities.
Taking fast action can help limit potential damage.
Why are these scams increasing?
Scams like the Reservation Hijack scam are becoming more common as attackers adopt more advanced, targeted tactics. Instead of relying on generic phishing scams, they are leveraging real-time data, trusted platforms, and personalized messaging to blend their communications seamlessly into everyday experiences.
At the same time, travel bookings have surged, creating more opportunities for scammers to exploit active reservations and reach travelers at the exact moment they’re expecting communication.
The result is a new kind of scam that doesn’t look suspicious at all.
Staying safe today isn’t just about spotting what looks fake. It’s about recognizing how companies contact you, how you can verify the legitimacy of those communications, and when something feels too real, because that’s exactly what modern scams are designed to be. Beyond awareness, products like Norton 360 Deluxe can help keep you a step ahead by blocking sketchy sites, catching potential scams, and keeping your personal information locked down so you can travel (and book) with confidence.
Editors' note: Our articles offer educational information and are written to raise awareness about important topics in Cyber Safety. Norton products and services may not protect against every type of threat, fraud, or crime we write about. For more details about how we research, write, and review our articles, see our Editorial Policy.
Want more?
Follow us for all the latest news, tips, and updates.