Scammers are using legitimate hotel booking details to craft targeted phishing attacks, WIRED reports. Victims are far more likely to fall for a phishing attack if a message contains real information that they wouldn’t expect a scammer to know. According to researchers at Norton, this phishing campaign is targeting customers of at least 350 hotels and vacation rentals across 50 countries.
The phishing messages impersonate hotel staff and relate to recent bookings a user has made, informing the user that they need to verify their information. If a user clicks the link, they’ll be taken to a spoofed website designed to steal their credit card details.
It’s unclear how exactly the attackers obtained information about recent hotel reservations, but it likely stems from data breaches or compromises of individual hotels’ booking systems. “Hackers could obtain people’s specific vacation booking details from a variety of places, including accessing hotel systems after sending them phishing messages or through third-party booking services,” WIRED says. “For example, hackers could send malware-laced emails or files to hotels to try to get their login details, rather than systems containing vulnerabilities that are exploited by cybercriminals.”
Aaron Ownbey, vice president of engineering at Cloudbeds, told WIRED, “The reason these scams are so effective is that the attacker isn't guessing: They know exactly who the guest is, when they’re arriving, and what they paid.... The hospitality industry needs to collectively raise the security baseline—better training for front desk staff, wider adoption of phishing-resistant authentication, and tighter controls on how guest data can be accessed and exported from any platform.”
Users should be aware that threat actors sometimes have access to non-public information, and they can use this data to establish a sense of trust during a social engineering attack.
WIRED has the story: https://www.wired.com/story/hundreds-of-hotels-caught-up-in-vacation-booking-scams/
