Sneaky travel booking scams are on the rise - here's how to avoid them like a pro

Cybersecurity firm Sophos's field chief information security officer for Australia, Pacific and Japan, Aaron Bugal, says anything we do online has the potential to be exploited, so he's not surprised to see fraudsters targeting travellers booking their holidays.

"And unfortunately, a lot of that initial effort to defend against those risks is going to come back to the user of those systems," Bugal told Explore.

He said scammers will usually take the "path of least resistance", and one of the most common scams is gaining access to email communications through a booking platform. In one scenario, you will think you are emailing back and forth with a hotel, but it's actually a scammer who has gained control of the hotel's account.

Alternatively, a scammer will set up their own account mimicking the hotel's account. In both scenarios, the scammer will ask you for payment. If they ask you to move communications to another messaging platform such as WhatsApp, Signal or Facebook Messenger, "that should be the first sign that something isn't quite right", Bugal says.

University of NSW senior lecturer at the School of Computer Science and Engineering Dr Rahat Masood says there are several red flags to watch out for. First, check the terms and conditions, including the cancellation and refund policy, which can be "very vague" if it's a scam.

If they are asking for full payment in advance, or asking you to book and pay through another website, those are also red flags. Other warning signs include asking for payment via a bank transfer, in cryptocurrency, or another way where "there's no way to trace back the payment", Masood says.

A sense of urgency - such as continually messaging you saying you will miss out if you don't act quickly - is another red flag.

Do not pay for anything online if the browser address does not begin with "https". The "s" stands for "secure" - if it's just "http", be wary as it is not verified. And if something has an extremely low price, and therefore seems too good to be true, it probably is.

A Booking.com spokesperson said: "Unfortunately, phishing attacks by criminal organisations pose a significant threat to many industries, and we continue to make significant investments to limit the impact of such scams to our accommodation partners and customers who unwittingly fall victim."

They say "no legitimate transaction will ever require a customer to share sensitive information like credit card details via email, chat, messages, texts or phone", so keep your personal information private.

And keep a "skeptical mindset"; if you have doubts, contact the booking platform's customer service team.

Online scams affect airlines, too. Earlier in 2025, Emirates temporarily suspended all of its advertising on social media channels, because of "fraudulent advertisements" circulating across social media platforms.