How to book a hotel without getting scammed

Cyberattackers are significantly innovating their tactics and targeting the travel and hospitality industries. Some recent examples:

• MGM Resort Hacked Shutting Down Casinos and Hotel Services
• Marina Bay Sands Becomes Latest Hospitality Cyber Victim

It’s not just the hotels that are getting hit hard, either. The latest wave of hacking schemes is pouncing on travelers in unfortunate ways.

The number and availability of apps and online services for travelers grows every single day. Many travel apps offer promises of convenience and rewards for downloading and using them, but they unfortunately come with a darker side.

The latest round of cyberattacks represents a strong understanding of the hotel industry’s standard processes and typical customer interactions.

Hackers recently found a hole in Booking.com’s security, which allows them to use the hotel partner’s login credentials to enter Booking.com accounts and send urgent messages to travelers regarding their reservations.

Let’s take a look at why this is happening and how you can avoid hotel hacking scams.

Why are travel companies so vulnerable to hacking?

The airline industry is pretty carefully regulated to protect passenger privacy, but that’s not true for the entire travel industry. 

Online travel agencies often share personal data with multiple parties when booking. Travel companies have lots of personal information, including full names, driver’s license numbers, birth dates, travel dates, loyalty numbers, passport numbers, etc.

The travel industry’s digital systems were designed to increase profits, not to protect your personal information. Until there are real consequences for travel companies, it’s not going to change. 

It’s not your fault, it’s not going to stop anytime soon, and you’re probably going to pay for it.

How to book a hotel without getting scammed

Here’s how to safely book a hotel room without getting scammed.

Avoid booking apps

Booking services promise all kinds of things like better room prices and exclusive access, but there’s nothing they provide that the hotel doesn’t deliver.

Use booking services only for price comparisons and research, and book directly with the hotel instead.

Never click links in emails

If your hotel sends you an email asking for additional information, never click the links! Go to the secure website instead, or better yet, call and provide the info.

Most of the time you’ll find the hotel never needed any information at all! Usually, that email is a phishing scam.

Never share passwords or private data through email

If you receive a request for passport numbers from an email that looks like it came from a hotel you booked, don’t reply.

It may seem logical that a foreign hotel representative needs to see your passport, but that happens at check-in. Never share passwords or private data over email.

Practice safe Wi-Fi

Don’t connect to public networks without a VPN, and keep close track of your devices and where they’re plugged in. Hackers have figured out how to infect public USB charging ports with malware.

Be suspicious of any urgent requests

If a hotel needed some information, it would have gathered it at booking time, so any ‘urgent’ requests are typically scams. Here are some examples:

• An alarming email that appears to be from a site you’re familiar with warns of malicious activity.
• An urgent request to update your credit card information with the threat of losing your reservation if you don’t.

If your credit card has been compromised, your bank will know – verify with them. If your hotel reservation is in jeopardy, the hotel will know – verify with them.

How to clean up the private data in your apps

Don’t just delete the apps! It may sound easier, but that data could be stored with the app system.

Do this instead:

1. Open each travel app on your phone and click Manage Account. Remove any stored private data like:
   • Birthdate
   • Address
   • Phone number
   • Passport number
   • Credit card info
   • Names of other travelers
2. Turn on two-factor authentication so hackers can’t access the account.

Related topics

• Hotel safety tips every traveler should know
• How to keep your stuff safe in a hotel room
• Here’s how to get out of a nonrefundable hotel room