Fake hotels, airline identity theft and AI scams are an increasing risk for travelers
Online travel-related scams have become far more convincing than they were a few years ago. Fake hotel websites, profiles pretending to be official airline customer support, non-existent apartments and ads created with the help of artificial intelligence are increasingly targeting people who book accommodation, flights or tourist packages. According to warnings from the U.S. Federal Trade Commission, scammers create websites advertising supposedly free or unusually cheap trips, send messages that look as if they come from well-known hotels and carriers, and ask for personal data or payment outside secure channels. Such messages often rely on urgency: the booking supposedly has to be confirmed immediately, the card has to be entered again or the accommodation will be canceled. It is precisely this combination of a familiar brand, time pressure and professionally made design that makes new travel scams especially dangerous.
Scams no longer rely only on obvious mistakes
Until recently, many online scams could be recognized by poor language, unconvincing photographs or unusual website addresses. Today that threshold is much higher. According to an analysis by Help Net Security, scammers use generative tools to create photorealistic images of accommodation that does not exist, descriptions that sound professional and reviews written in a way that imitates real guest impressions. Such ads can appear on social networks, on fake copies of well-known platforms or, in some cases, as malicious content that tries to blend into a legitimate online environment. Because of this, it is no longer enough to rely only on the impression that a page looks tidy or that the text has no spelling mistakes. Checking the official domain, property details and payment method has become a necessary part of every serious online booking.
Fake hotel websites imitate well-known brands
One of the most common patterns is the creation of pages that look like an official hotel booking confirmation system. According to a report by Cyber Security News, a large phishing campaign discovered in 2025 used more than 4,300 fake domains aimed at travelers planning a holiday or preparing to arrive at a hotel. In such messages, the victim often receives a warning that the booking must be confirmed within 24 hours in order to avoid cancellation. After clicking, the user is redirected through several pages, and the final page asks for the card number, expiration date, CVV and other data needed to charge the account. Researchers stated that the fake pages imitated major travel brands and hotel systems, with logos, forms and designs deliberately created to look credible.
It is especially dangerous when scammers have access to part of the real booking data. Then the message can contain the correct arrival date, the hotel name or the guest's name, which reduces the recipient's caution. This form of scam is often described as booking takeover or abuse, because criminals do not always have to invent the entire trip; it is enough for them to use existing data in order to request an additional payment, re-entry of the card or communication through an unofficial channel. If a hotel or platform really needs a data update, the safe procedure is to open the official website or application independently, without clicking on a link from the message. Any request for a bank transfer, cryptocurrency, gift card or sending card details through chat should be treated as a serious warning sign.
Airlines and customer support have become a frequent target of impersonation
Scams are not limited only to hotels and apartments. Fake airline customer support profiles on social networks exploit situations in which passengers are under stress because of delays, flight changes, lost luggage or the need for a quick answer. According to warnings published in recent months by airlines and security sources, scammers often respond to passengers' public posts, use the logo of a real company and then try to move the conversation to private messages. There they ask for the booking number, personal data, a copy of a document or payment of an alleged fee for changing a flight. A passenger who is already in trouble may, because of haste, overlook that the profile has no official badge, that the username is unusual or that he is being directed to a phone number and page that are not listed on the company's official website.
The Federal Trade Commission warns that links in messages that look like an airline or hotel offer should not be clicked without checking the real address. The recommendation is to open the official page by manually typing the address or through an already installed application, and not through a link from an unexpected e-mail, SMS or social media post. The same applies to calls supposedly coming from an agent or support service, especially if they are accompanied by a request that communication continue through an unknown application. Reliable companies generally do not ask for sensitive card data in unencrypted messages and do not make preservation of a booking conditional on payment through a channel that cannot be traced. If a message seems convincing but unusual, it is safer to stop communication and independently contact the official contact center.
Artificial intelligence has made it easier to create fake apartments and reviews
Generative artificial intelligence has changed the appearance of travel scams because it enables the rapid creation of photographs, descriptions and user reviews that no longer look amateurish. According to Help Net Security, scammers can in a short time create a series of images of luxury accommodation that does not exist in reality, then add a detailed description of the location, alleged amenities and a series of positive comments. At first glance, such an ad can look more convincing than a real one, especially if the photographs are flawlessly lit, the interiors are harmonious and the price is favorable enough to encourage a quick decision. This is a problem for travelers, but also for legitimate platforms, because trust in digital bookings is undermined when a user cannot easily distinguish a real property from a generated image. An additional risk arises when a fake ad is promoted through paid advertising or through profiles that already have part of an audience.
There are still warning signs. If the accommodation has only a few reviews, if they are all written in a similar style, if there are no concrete details about the surroundings or if the same photographs cannot be connected with a real address, the booking should be checked further. It is useful to look for the property on maps, check whether street-view photographs exist, compare the description with other platforms and call the official contact if one exists. If the landlord insists that payment be made outside the platform, for example by bank transfer or an application for direct money transfer, the risk increases significantly. According to the FTC, requests for payment by wire transfers, gift cards or cryptocurrencies in travel offers represent a typical sign of fraud.
Damage to travelers and the tourism industry
The financial damage from online scams is broader than individual cases of lost deposits. According to FTC data for 2024, U.S. consumers reported more than 12.5 billion dollars in fraud-related losses, which was 25 percent more than the year before. Separate warnings and analyses on travel scams state that travel, holidays and timeshare models are among the categories that create significant losses for consumers. The FBI's Internet Crime Complaint Center announced that in 2024 it received 859,532 reports of suspected internet crime and that reported losses exceeded 16.6 billion dollars. Although these data relate to a broader spectrum of internet crime, they show the scale of the environment in which travel scammers also operate.
For the tourism sector, the consequences are not only the direct losses of users. Fake websites and brand identity theft undermine trust in hotels, airlines, agencies and booking platforms. If money is charged to a guest's card through a fake website that looks like the website of a well-known hotel, the reputational problem can also affect the real hotel, even though it did not participate in the scam. Tourism security experts, including Dr. Peter E. Tarlow, have warned for years that security is one of the foundations of sustainable tourism, and his book and professional papers connect the field of tourism security with risk management, hospitality, transport and crisis situations. In the digital environment, this security no longer refers only to the physical protection of guests, but also to the protection of data, communication channels and the booking process.
How travelers can reduce the risk before booking
The most important rule is to check the offer before paying, especially when the price differs significantly from the market price. The FTC recommends searching for the name of the website or agency together with terms such as scam, review or complaint, because this can reveal earlier warnings from other users. The website address must be checked character by character, because scammers often use domains that differ from official ones only by an added letter, hyphen, number or unusual ending. For hotel bookings, it is useful to compare data from several sources: the hotel's official website, a well-known booking platform and mapping services. For private accommodation, caution is needed with ads that have no review history, offer luxury at an unrealistically low price or request communication outside the system on which the ad was published.
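The character-by-character address check described above can be automated against a list of known official domains. The following Python sketch is an added example, not taken from the FTC or any source cited here; the domains are constructed placeholders, the suffix handling is deliberately naive, and the embedded-brand case goes slightly beyond the variations listed in the text.

```python
from urllib.parse import urlsplit

# Constructed allowlist of hypothetical official domains (not real brands).
OFFICIAL = ("examplehotel.com", "exampleair.com")

def registrable(url):
    """Return (host, last two labels); assumes no co.uk-style suffixes."""
    if "//" not in url:
        url = "//" + url                      # let urlsplit parse a bare host
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host, ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'official', a 'lookalike: ...' reason, or 'unrelated'."""
    host, domain = registrable(url)
    if domain in OFFICIAL:
        return "official"
    name = domain.partition(".")[0]
    squashed = name.replace("-", "")          # ignore hyphens when comparing
    for good in OFFICIAL:
        good_name = good.partition(".")[0]
        if name == good_name:
            return "lookalike: unusual ending"
        if squashed == good_name:
            return "lookalike: added hyphen"
        if edit_distance(squashed, good_name) <= 1:
            return "lookalike: changed character"
        if good_name in host.replace("-", "").replace(".", ""):
            return "lookalike: brand name embedded"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample addresses.
    for u in ("https://www.examplehotel.com/confirm", "https://example-hotel.com/pay",
              "examplehotel1.com", "examplehotel.top",
              "https://examplehotel.com.confirm-stay.example/card"):
        print(f"{classify(u):32} {u}")
```

An "unrelated" result only means the address does not resemble an entry on the allowlist; it says nothing about whether the site is trustworthy.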
The payment method is often the clearest indicator of risk. Paying by card through a known and protected platform generally provides more possibilities for disputing a transaction than transferring money to an unknown person. The FTC explicitly warns that travel offers requiring wire transfers, gift cards or cryptocurrencies should be considered suspicious. The FBI also, in broader warnings about cyber scams, advises avoiding sending money or digital assets to unknown persons and reporting suspicious cases. In practice, this means that a booking should not be completed if the seller refuses standard payment methods, pressures the buyer with urgent deadlines or claims that a special price can be obtained only outside the official platform. A reasonable delay of a few minutes is often enough to check the source of the message and avoid a larger loss.
What to do if a booking is suspicious
If the message has already arrived and seems to come from a hotel, agency or airline, one should not reply through the same channel before checking. A safer procedure is to open the official application or website and check the booking status directly in the user account. If no problem is visible in the account, the message should be treated as potential phishing. If the payment has already been made, it is necessary to contact the bank or card issuer as soon as possible, request that the card be blocked if the data were entered on a suspicious page and initiate the transaction dispute procedure. Messages, confirmations, website addresses, account numbers and all communication should be saved, because these data can help the platform, bank or police in further processing.
The scam should also be reported to the platform on which the ad was located, the real hotel or airline whose identity was abused, and the competent authorities for reporting cybercrime or consumer protection. The FTC directs consumers in the United States to ReportFraud.ftc.gov, while the FBI uses IC3.gov for internet scams. In other countries, reports are submitted to the competent police, the national cybersecurity center or the consumer protection institution. A quick report is important because fake domains and profiles often shut down and reappear under other names. The more data that are available, the greater the possibility of warning other users and limiting the damage.
Tourism security is also becoming a matter of digital literacy
The rise in scams does not mean that online bookings are unsafe in themselves, but that they must be used with more checking than before. Real hotels, airlines and platforms invest in security systems, but attackers exploit moments when the traveler is outside the usual routine: rushing to a flight, looking for the last available room or fearing that he will lose a holiday already paid for. That is why the most dangerous requests are those that combine urgency, a familiar brand and a financial action. According to available security warnings, scammers will increasingly use artificial intelligence to remove previously easy-to-spot signs of fraud, from poor grammar to unconvincing images. Defense therefore increasingly comes down to a simple but consistent rule: do not trust a message just because it looks professional, but check the source, channel and payment method before entering data or sending money.
Sources:
- Federal Trade Commission – advice for recognizing fake travel websites, phishing messages and suspicious payment methods
- Federal Trade Commission – general guide for avoiding scams when traveling and booking
- Federal Trade Commission – Consumer Sentinel Network data on reported fraud losses in 2024
- FBI Internet Crime Complaint Center – report on internet crime for 2024 and reported losses
- Cyber Security News – analysis of a phishing campaign with more than 4,300 fake domains imitating travel brands
- Help Net Security – overview of AI-generated photographs, fake ads and reviews in travel scams
- ScienceDirect / Elsevier – description of Peter E. Tarlow's book Tourism Security and the field of tourism security