Fake Booking Site Scams via Email
Phishing emails impersonating major booking platforms notify recipients of a reservation problem or exclusive deal, directing them to fraudulent checkout pages that harvest payment details.
Part of: Fake Booking Sites
Last reviewed: 1 June 2026
Travel booking email scams take two main forms: phishing emails that mimic a genuine booking platform to steal credentials or payment details, and promotional emails that drive recipients to fraudulent checkout pages offering deals on accommodation or packages that do not exist.
Both formats exploit the high volume of legitimate booking-related emails that travellers receive, making it easier for a well-crafted fake to blend in with genuine communications from platforms the recipient uses regularly.
How this scam works on Email
An email arrives using the branding of a well-known booking platform, stating that a reservation has a payment issue, that a price drop is available for a recent search, or that a limited deal is expiring. A link leads to a phishing page that replicates the booking platform's login or payment interface.
Credentials or payment details entered on the phishing page are harvested immediately. The victim may receive a fabricated booking confirmation before the phishing page is taken down, delaying discovery until the travel date arrives.
In promotional-email variants, a new email address lists itself as a deals affiliate and offers sharply discounted bookings that lead to a fraudulent checkout page rather than a legitimate platform.
Common red flags
- Sender email domain does not exactly match the official booking platform domain
- Email link destination differs from the displayed text when hovered over
- Email claims an urgent problem with a booking you did not make or have not recently searched for
- Deal offered is dramatically below current prices on the official platform
- Checkout page requests card details without showing the padlock and matching domain of the genuine platform
- Email arrived from an address you did not sign up to receive promotions from
How to protect yourself
- Navigate directly to the booking platform's official website rather than clicking email links to access your account
- Enable two-factor authentication on travel booking accounts to limit damage if credentials are phished
- Hover over links in booking emails to verify the destination URL before clicking
- Check the official platform for any deal or price drop mentioned in a promotional email rather than clicking through
- Use a dedicated virtual card number for online travel bookings to limit exposure if details are compromised
How to report it
- Forward the phishing email to the genuine platform's fraud reporting address — most major booking platforms have a dedicated phishing report inbox
- Report to your national cyber-fraud reporting centre
- Contact your bank or card provider immediately if you entered payment details on a suspicious page
Frequently asked questions
How can I tell if a booking platform email is genuine?
Check the sender's email domain character by character against the platform's known domain, hover over links to verify their destination, and log in to your account directly through the platform's website rather than through the email link to see if any genuine issue exists.