Hilton Impersonation Scams
Scammers impersonate Hilton Honors with fake point expiry emails and fraudulent booking confirmations. Hilton will never ask you to pay an additional fee via email to confirm an existing reservation.
Last reviewed: 1 June 2026
Hilton's Honors loyalty programme is used by scammers as bait for phishing campaigns targeting frequent travellers. Messages mimicking Hilton's email design claim that Honors points are about to be cancelled or that a booking requires payment confirmation — both designed to direct the recipient to a credential-harvesting page.
Like all major hotel brands, Hilton is the victim of this impersonation. Genuine Hilton communications are always verifiable inside your Hilton Honors account without clicking any external link.
How scammers impersonate it
- Sending emails claiming Hilton Honors points will be cancelled unless account re-verification is completed
- Creating fake Hilton login pages to steal credentials for loyalty account takeover
- Sending fraudulent booking confirmations with additional payment links
- Advertising fake 'Hilton exclusive member rates' on third-party sites to harvest card data
- Calling Hilton Honors members with fake redemption deals requiring immediate verbal confirmation of card details
What the real organisation never does
- Ask for your Hilton Honors password or full payment card details via email
- Require you to follow an email link to prevent point cancellation
- Charge additional fees after a confirmed booking via an unsolicited email
- Offer exclusive member deals that can only be accessed by calling a number in an email
Common red flags
- Email about Honors point expiry with a login link to a non-hilton.com domain
- Booking confirmation email requesting extra payment to 'guarantee the room'
- Discounted Hilton rate available only through a third-party site unfamiliar to you
- Caller claiming to offer a Hilton Honors upgrade but asking for card details to hold it
- Sender address using a domain like 'hilton-honors-alert.com'
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Email: 'Your [number] Hilton Honors Points are set to expire. Re-verify your account at [fake link] before [date].'
Email: 'Hilton: Additional payment required to confirm your reservation at [hotel]. Click here to complete: [fake link].'
How to verify
- Access Hilton Honors only at hilton.com or through the official Hilton Honors app
- Your point balance, status, and upcoming reservations are all visible in your account without email prompts
- Contact Hilton Honors customer care only via hilton.com/en/hilton-honors/contact
- Verify any booking modification by logging in directly — do not act on unsolicited email links
What to do if you're targeted
- Change your Hilton Honors password and enable any available two-factor options
- If points were stolen, report unauthorised redemptions to Hilton Honors immediately
- Forward phishing emails to [email protected]
Frequently asked questions
I received an email saying my Hilton Honors account will be closed — should I click the link?
No. Log in directly at hilton.com to check your account status. If there is no issue visible there, the email was a phishing attempt.