Fake Marriott Hotel Pre-Arrival Payment Verification Scam
Criminals send fake pre-arrival messages impersonating Marriott hotels asking guests to re-confirm payment card details through an external link before check-in.
Part of: Fake Hotel Payment Verification Scams
Last reviewed: 7 June 2026
Marriott International operates thousands of hotels across its portfolio of brands — including Marriott Hotels, Sheraton, Westin, W Hotels, and others — serving many millions of guests annually. Pre-arrival communications from hotel properties are a standard part of the guest journey, and scammers exploit this normalcy to send fake pre-arrival payment requests.
The fraudulent messages typically arrive by email two to five days before the scheduled check-in date — a timing calibrated to feel like genuine hotel pre-check-in preparation. They reference the property name and reservation details and ask the guest to confirm or re-enter payment card details through a link.
Marriott's standard practice is to authorise a card at check-in or through Marriott Bonvoy's Mobile Key feature — not to request card re-entry through an emailed link prior to arrival.
How this scam works on the Marriott brand
The scam operates similarly to the Booking.com hotel-account compromise: fraudsters either send phishing emails directly using non-Marriott domains, or in some cases compromise smaller-brand property email accounts to send the fraudulent request from a more credible address.
The fake payment page is designed to resemble Marriott's checkout or Marriott Bonvoy payment interface. Card details entered are captured immediately and used for fraud. Some pages also collect the guest's Bonvoy number and the last four digits of their member password under the guise of 'linking the payment to your Bonvoy account'.
A phone-based variant involves a call to the hotel's main switchboard asking to be connected to a 'guest with an upcoming reservation', and then informing that guest of a 'payment processing issue' that must be resolved before they arrive.
Common red flags
- A pre-arrival email asking you to enter card details through a link rather than at check-in
- The email sender is not from a @marriott.com or recognisable brand subdomain
- The payment link leads to a domain that is not marriott.com or the specific Marriott brand's domain
- The message asks for your Marriott Bonvoy number and password together with card details
- The request arrives as a direct call to your mobile claiming to be from the hotel
How to protect yourself
- Do not provide card details through links in pre-arrival emails — contact the hotel directly using the number on marriott.com for your specific property to verify
- Log in to your Marriott Bonvoy account to check your reservation and any genuine pre-arrival communications
- Marriott properties authorise cards at check-in — there is no standard reason to provide card details through an email link beforehand
- If in doubt, call the property directly using the contact number listed on the Marriott.com property page
How to report it
- Report the suspicious email to Marriott Customer Care at marriott.com/help
- Forward to your national cybercrime authority if financial loss occurred
- Contact your card issuer immediately if card details were entered on the fraudulent page
- Report to the FTC at reportfraud.ftc.gov
Frequently asked questions
Would a Marriott hotel ask me to enter my card details via email before arrival?
No. Marriott properties handle card authorisation at check-in, either in person at the front desk or through the Marriott Bonvoy app's Mobile Check-In feature. An emailed link asking for card details before arrival is not standard and should be treated as suspicious.
I gave my card number on a link from what I thought was my Marriott hotel. What now?
Contact your card issuer immediately to report a potentially compromised card and dispute any charges. Also report to Marriott Customer Care and to your national consumer protection or cybercrime authority.