Travelers Beware: The 'Reservation Hijack' Scam Is on the Rise

Just when you thought you had a handle on travel scams, a new one is making the rounds. It’s called “reservation hijacking,” and it’s exactly as unsettling as it sounds. The BBC reports that scammers are using leaked booking details to impersonate hotels, airlines, and rental car companies—and they’re getting good at it.

Here’s the setup: You get a call, email, or text from someone who claims to work for a business you’ve booked with. They know your travel dates, your phone number, even your email address. They might say there’s a problem with payment or that you need to confirm your reservation quickly. It feels real because they have real information. But it’s a trap.

The risk spiked after a data breach at Booking.com in April 2026. The company says no financial data was taken, but names, email addresses, phone numbers, and booking details were exposed. Affected customers have been notified, so check your inbox for that alert.

How do these hijacks work? Scammers can get your info from a breach, a hacked email, or even from social media posts where you’ve shared your travel countdown. Their goal is to trick you into sending money or sharing credit card details. They’ll push urgency—act now or lose your room—to get you to drop your guard.

The best defense is skepticism. If someone contacts you asking for payment, don’t engage. Ask if you can call them back using the official number on the company’s website. Real employees won’t mind. Booking.com says it will never ask for credit card info over the phone, email, or text, and it will never request a payment method different from what’s in your booking.

Stick to official apps and communication channels. Use strong, unique passwords and turn on two-factor authentication wherever it’s offered. And remember: if it feels rushed or too detailed to be fake, that’s exactly when you should slow down.