Global surge in vacation booking phishing scams

A new wave of phishing attacks is targeting travelers by impersonating travel agents and using legitimate booking details. According to Andreas Konstantinidis of Odyssey Cybersecurity, attackers send WhatsApp messages requesting payment verification via malicious links. These fake websites contain accurate information such as guest names and dates, suggesting that data leaks from travel agencies or hotels have occurred. Research by Norton indicates that client data from over 350 properties in 50 countries may have been compromised, with the highest impact reported in Germany, France, the UK, Italy, Spain, and the US. Experts warn that the use of specific reservation details makes these scams highly convincing. FBI data shows that phishing attacks resulted in over $200 million in losses for Americans last year. Users are advised to avoid clicking links from unknown senders and refrain from entering credit card details on unverified pages. As of May 29, 2026, authorities continue to highlight the risks posed by these sophisticated data-driven scams.