Hotel Phishing Scams via SMS
How SMS messages impersonating hotels or booking platforms redirect travellers to fraudulent payment pages or request card details for 'pre-authorisation' charges.
Part of: Hotel Phishing
Last reviewed: 9 June 2026
Hotel booking confirmations and pre-arrival communications from hotels are increasingly being mimicked via SMS. A traveller who has made a reservation expects text communication from the hotel or booking platform, making a fraudulent pre-arrival SMS particularly effective. The message may request card pre-authorisation, an outstanding balance, or an identity verification before check-in — all triggering a link click in a moment of compliance.
SMS hotel phishing differs from email variants in speed and context. A text received while the traveller is actively preparing for a trip — checking itineraries, packing — creates a different kind of urgency than a cold email. The traveller is already in a travel mindset and may process the text as a routine pre-arrival communication without scrutinising the sender or the link.
How this scam works on SMS
The SMS arrives purportedly from the hotel or from a booking platform like Booking.com or Hotels.com, claiming an outstanding balance must be settled before check-in or that a card pre-authorisation is required to hold the reservation. A link leads to a page that replicates the hotel's or platform's payment page but is hosted on a fraudulent domain. Card details entered are captured and used fraudulently.
A second variant arrives as a cancellation threat: 'Your reservation will be cancelled unless you complete your payment by today.' This urgency drives the traveller to click without verifying the link. In a third version, the text claims the hotel has been overbooked and offers an alternative, clicking which leads to a fraudulent booking site that collects payment for accommodation that does not exist.
Common red flags
- Pre-check-in payment SMS with a link to a domain not matching the hotel or platform's official website
- Request for full card details via SMS rather than through a secure portal
- Cancellation threat creating urgency to pay before verifying the communication
- Alternative accommodation offer via SMS with a new booking link
- SMS sender name or number does not match the hotel's known contact details
- Outstanding balance SMS arrives for a booking you believe was fully paid
How to protect yourself
- Contact the hotel or booking platform directly using the number or app saved from your original booking to verify any payment request
- Never enter card details on a page reached through an SMS link — use the official booking platform app
- Pre-authorisation holds are standard but should always be requested through official check-in channels, not unsolicited texts
- Screenshot your full original booking confirmation including the confirmed price before travel
How to report it
- Forward the SMS to 7726 (SPAM) to report to your carrier
- Report to the booking platform's fraud team if their brand was impersonated
- Report to Action Fraud (UK) or the FTC (US) if card details were compromised
Frequently asked questions
Do hotels genuinely send SMS messages about payments before check-in?
Some hotels do send pre-arrival SMS messages, but they typically reference a booking through the official platform's secure payment system and do not include external payment links. Any SMS payment link should be verified by calling the hotel directly.
My booking appeared complete — why would there be an outstanding balance?
In most cases there is no outstanding balance. Fraudulent texts fabricate a balance to create urgency. Verify with the hotel or platform before taking any action.