There's another type of digital scam to be aware of, as per the BBC. It's called “reservation hijacking.”
The name gives you a clue as to how it works. Essentially, scammers use details about a booking you've placed (perhaps with a hotel or airline) to trick you into sending money somewhere you shouldn't.
While this type of scam isn't brand new, a recent data breach at Booking.com has raised the risk of people being caught out. With data about you and your reservation, a far more convincing setup can be put in place—why wouldn't you believe that someone purporting to be an employee from a spa you've got a reservation with is telling the truth about who they are, especially if they know the dates of your trip, your phone number, and your email address?
According to Booking.com, no financial information was exposed in the April 2026 hack. However, names, email addresses, phone numbers, and booking details have been leaked. The travel portal says affected customers have been emailed about the heightened risk of scams, so that's the first thing to check for when it comes to staying safe.
Minimizing the risk of getting scammed by a reservation hijack involves many of the same security precautions you may already be following, and just being aware that this is a way you might be targeted will make a difference.
How Reservation Hijacks Work
Scammers can get hold of your booking details.
Courtesy of David NieldWe've already outlined the basics of a reservation hijack, but it can take several forms. As with other types of scams, it tends to evolve over time. The basic premise is that someone will get in touch with you claiming to be from a place you have a reservation with, whether it's a car rental company or a hotel.
The scammers will try to pull together as much information as they can on you and your booking. Sometimes they'll target employees of the place you've got the reservation with in order to get access to their systems, and other times they may take advantage of a wider data breach (as with the recent Booking.com hack).
They might also get information through other means. Maybe they've somehow got access to your email, or to some of your social media posts (where you've shared your next vacation destination and a countdown of how many days are left to go). Don't be caught out if you find yourself speaking to someone who knows a lot about your travel plans.
The end goal of the scam will typically be to try and get some kind of payment out of you related to the reservation. Requesting a bank transfer or details of a credit card are tactics that are regularly used, which will of course be routed to the scammers rather than the hotel or travel company you think you're dealing with.
Scam attempts can come through emails and text messages as well as phone calls, and as is often the case with these kinds of criminal activities, some kind of urgency may be introduced—perhaps you'll need to pay quickly to secure your reservation, or there's been a mix-up with payment processing that needs to be rapidly rectified.
Avoid Being Caught Out
Stick to official apps for communications where you can.
Courtesy of AirbnbAt its core, reservation hijacking scams operate the same way as many other scams: You're contacted by someone who isn't who they're pretending to be. No matter how many details they might have about your bookings or travel plans, you shouldn't engage with anyone asking you for money until you've verified their identity.
If you do have any doubt, ask if you can contact them—via whatever medium they've used. If someone is falsely claiming to be from a hotel and you ask if you can call the hotel back, the ruse very quickly falls apart. You should be particularly cautious when questions are asked of you, even if it's just to “confirm” some details.
Booking.com told the BBC that it will never ask customers to share credit card information over the phone, email, or text. The comapny also will never ask customers to make any kind of payment (like a bank transfer) that’s different from the payment details in their booking.
Sticking to official communication channels and apps is essential when trying to protect yourself against these and other scams. Bad actors looking to make money from you will have to operate outside these official channels, because they're not official. As always, don't rush into anything, which the scammers will almost always try and make you do.
All of the standard security practices still apply too. Secure your accounts with strong, unique passwords that you don't share with anyone and which are impossible to guess. And if the accounts you're using offer two-factor authentication (as Booking.com does), where a verification code is needed in addition to a username and password, turn it on.
