Impersonation · travel

Marriott Impersonation Scams

Scammers impersonate Marriott with fake loyalty point expiry notices and phishing reservation emails. Marriott Bonvoy will never ask you to verify account points by clicking a link and entering your password.

Last reviewed: 1 June 2026

Marriott Bonvoy's loyalty programme makes it an attractive target for phishing campaigns. Fraudsters send realistic-looking emails claiming that Bonvoy points are about to expire and that an urgent verification is required — which directs the recipient to a fake Marriott login page that captures credentials. Separate attacks target travellers with fake reservation confirmation emails close to a travel date.

Marriott also suffered a major data breach, giving attackers genuine customer data to add plausibility to phishing messages.

How scammers impersonate it

Sending emails claiming Bonvoy loyalty points will expire unless verified via a link
Creating fake Marriott login pages to harvest credentials for account takeover
Sending fake reservation confirmation emails asking for additional payment to secure a booking
Calling Bonvoy members claiming a special redemption offer requires immediate account validation
Advertising fake Marriott holiday packages at deeply discounted prices to collect upfront payments

What the real organisation never does

Ask you to verify loyalty points or account status by clicking an unsolicited email link
Demand payment to prevent Bonvoy point expiration
Contact you proactively with a time-limited offer that requires immediate card payment outside marriott.com
Ask for your full password via phone or email

Common red flags

Email about expiring Bonvoy points with a login link pointing to a non-marriott.com domain
Reservation confirmation with a payment link outside the official booking flow
Heavily discounted Marriott package advertised on a third-party site with no official connection
Call claiming you have a Bonvoy redemption offer that must be confirmed immediately by phone
Email sender address using a free domain or domain with extra words (e.g., marriott-bonvoy-offers.com)

Sanitized example messages

Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].

Email: 'Your [number] Marriott Bonvoy points expire in 7 days. Verify your account to retain them: [fake link].'

Email: 'Marriott Bonvoy Reservation: Your booking at [hotel] is pending payment. Click here to confirm: [fake link].'

How to verify

Manage your Bonvoy account only at marriott.com or through the official Marriott app
All genuine point balances and expiry dates are visible inside your account without clicking email links
Contact Marriott Bonvoy customer service via marriott.com — not via numbers in unsolicited messages
Verify any hotel booking by searching marriott.com directly rather than following email links

What to do if you're targeted

Change your Marriott Bonvoy password immediately if you entered it on a suspicious site
Contact Marriott Bonvoy to freeze your account if unauthorised redemptions are suspected
Report the phishing email to [email protected]

Frequently asked questions

My Bonvoy points are about to expire — is the email real?

Check your point balance and expiry directly inside your Marriott account at marriott.com. Do not click email links. Genuine expiry information will be visible there without any verification step.

How scammers impersonate it

Sending emails claiming Bonvoy loyalty points will expire unless verified via a link

Creating fake Marriott login pages to harvest credentials for account takeover

Sending fake reservation confirmation emails asking for additional payment to secure a booking

Calling Bonvoy members claiming a special redemption offer requires immediate account validation

Advertising fake Marriott holiday packages at deeply discounted prices to collect upfront payments

What the real organisation never does

Ask you to verify loyalty points or account status by clicking an unsolicited email link

Demand payment to prevent Bonvoy point expiration

Contact you proactively with a time-limited offer that requires immediate card payment outside marriott.com

Ask for your full password via phone or email

Common red flags

Email about expiring Bonvoy points with a login link pointing to a non-marriott.com domain

Reservation confirmation with a payment link outside the official booking flow

Heavily discounted Marriott package advertised on a third-party site with no official connection

Call claiming you have a Bonvoy redemption offer that must be confirmed immediately by phone

Email sender address using a free domain or domain with extra words (e.g., marriott-bonvoy-offers.com)

Sanitized example messages

Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].

Email: 'Your [number] Marriott Bonvoy points expire in 7 days. Verify your account to retain them: [fake link].'

Email: 'Marriott Bonvoy Reservation: Your booking at [hotel] is pending payment. Click here to confirm: [fake link].'

How to verify

Manage your Bonvoy account only at marriott.com or through the official Marriott app

All genuine point balances and expiry dates are visible inside your account without clicking email links

Contact Marriott Bonvoy customer service via marriott.com — not via numbers in unsolicited messages

Verify any hotel booking by searching marriott.com directly rather than following email links