Cybercriminals launch sophisticated ‘reservation hijacking’ scams as global travel digitizes

Cybercriminals are increasingly targeting travelers through advanced scams as global travel digitizes. Fake QR codes, phishing emails, and fraudulent booking confirmations are among the most common threats, with platforms like The Points Guy and Reader’s Digest warning American travelers about risks like 'quishing'—phishing via QR codes. These scams exploit the trust travelers place in digital interactions, such as check-ins, payments, and itinerary updates, often mimicking legitimate communications from airlines, hotels, or booking platforms. A new and damaging tactic, 'reservation hijacking,' involves fraudsters gaining access to real booking information through data breaches or phishing. They then contact travelers posing as hotels or travel suppliers, requesting extra payments or updated payment details. Victims typically discover the fraud only upon arrival or when unexpected charges appear, leaving hotels and brands vulnerable to reputational harm even if their systems were not compromised. The travel industry faces broader consequences, including increased customer service costs, chargebacks, and regulatory scrutiny. Scams erode consumer confidence, a critical factor in an industry built on trust. Fraudsters use artificial intelligence to create highly convincing fake emails and websites, making it harder for travelers to distinguish legitimate updates from malicious ones, especially during disruptions like flight delays or cancellations. QR codes, now widely used for check-ins, menus, and payments, are a prime target for scammers. Fake QR codes placed in public spaces redirect victims to malicious websites that steal personal and financial data. The growing sophistication of these scams underscores the need for stronger cybersecurity measures across airlines, hotels, and travel agencies to protect both customers and brand integrity.