Fake Hotel Payment Verification Scams
Messages demanding card 're-verification' to 'secure' a booking, capturing full card details.
Last reviewed: 1 June 2026
What this scam is
A close cousin of hotel phishing, this scam specifically frames a 'payment verification' or 'pre-authorisation' step as mandatory to keep your reservation, capturing full card and security details.
How it works
You're messaged that your card needs re-verification or a pre-authorisation to secure the room. A fake form collects your full card number, expiry, CVV and sometimes a one-time banking code, enabling fraud.
Common red flags
- Mandatory 'verification' via a link to keep your booking
- Requests for CVV or banking app one-time codes
- Non-official domain or sender
- Urgency and cancellation threats
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Action required: verify your card (number, expiry, CVV) to secure reservation [reference] or it will be released.
Payment methods used
- Card details harvested
Who is usually targeted
- Guests with upcoming stays
What to do immediately
- Never enter full card details or codes via a message link
- Confirm with the hotel/platform through official channels
- Call your bank if you shared details
Evidence to preserve
- The message and link
- Booking reference
- Screenshots
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
Do hotels ever need my CVV by message?
Legitimate hotels and platforms don't ask for your CVV or banking one-time codes via email or SMS links. Any such request is a scam — verify directly through the official app or phone number.