Tourists are being warned about a clear sign in emails that indicates a common travel scam: fake payment requests sent through compromised hotel booking accounts. According to new research from travel eSIM app Saily, based on dark-web intelligence provided by NordStellar, scammers are increasingly targeting travellers through legitimate-looking channels.
Compromised Hotel Accounts Used for Scams
The research uncovered a broader shift in travel scams in 2026, including compromised hotel booking accounts used to send fake payment requests, fake travel eSIM stores, and deepfake identity verification services. Vykintas Maknickas, CEO at Saily, explained: "Travel scams are becoming significantly harder to spot because criminals are increasingly abusing systems people already trust. Instead of creating obviously fake websites, attackers are moving inside legitimate travel platforms and verified communication channels."
According to Maknickas, one key sign to watch out for is when a traveller receives a payment request inside what appears to be a legitimate hotel conversation, often via email or chat. "If a traveller receives a payment request inside what appears to be a legitimate hotel conversation, many people won’t immediately question it. That’s what makes these attacks so effective," he said.
How to Avoid Falling Victim
To avoid this scam, guests should never enter payment details through links sent via a booking chat or email. If a hotel requests an additional payment, even if it appears to come from the third-party booking site, travellers should confirm directly through official contact channels.
Public Wi-Fi Risks
Another common scam involves public Wi-Fi networks. Cybercriminals exploit hotel, airport, and café Wi-Fi networks that are less secure, using fake hotspots and data interception attacks to capture passwords, banking details, or login sessions. Travellers are often less cautious when abroad, especially when needing Wi-Fi after landing or upon arrival.
Researchers advise avoiding sensitive accounts on public Wi-Fi and opting for secure mobile connectivity instead.
Other Growing Scams
Other increasingly common travel scams include deepfake identity scams entering travel services and fake travel eSIM stores targeting tourists. Scammers imitate legitimate eSIM providers to steal payment details or personal information from those looking for quick mobile data on holiday.
