Reservation Phishing Scams Targeting Hotel Guests
📆 Last Updated: 07/07/2026
Status: ASI is actively monitoring reported incidents and will update this page as needed.

ASI is aware of phishing scams targeting hotel guests with messages that appear to reference legitimate reservations. These messages may claim that a guest needs to verify payment, update card information, or take urgent action to avoid cancellation.
This is not isolated to ASI or ASIPMS. Similar scams have been reported across the hospitality industry, including hotels, vacation rentals, booking platforms, and other travel-related systems.
ASI has received reports of guests receiving suspicious reservation-related emails, SMS, and WhatsApp messages. Based on our review to date, these messages were not generated or sent through ASIPMS. However, because these scams are increasingly sophisticated and affect the broader hospitality industry, we are taking additional steps to help properties protect their staff, guests, and reservation data.
What Guests Are Being Targeted With
Guests may receive a message that appears to come from a hotel, booking provider, or reservation-related service. These messages often include familiar reservation details, which can make them feel legitimate.
The goal is usually to trick the guest into clicking a fraudulent link, entering payment details, sharing personal information, or providing login credentials.
![]()
Warning signs guests may see
| 1. |
A request to “verify” or “update” payment information. |
| 2. | A claim that the guest’s reservation may be canceled unless they act quickly. |
| 3. | A link to a payment page or card verification form. |
| 4. | A message sent by email, SMS, WhatsApp, or another messaging channel. |
| 5. | Wording that creates urgency or pressure. |
| 6. | A sender address, phone number, or website link that looks similar to a legitimate source but is not official. |
Examples of Suspicious Messages
A countdown, a "booking incomplete" flag, and a red "Confirm my stay" button leading to a payment page.
Robotics streamline production lines and improve precision in manufacturing processes.
A manufactured deadline and a "Continue to confirmation" link designed to harvest payment details.
When reviewing suspicious messages, look for unusual sender addresses, unfamiliar links, urgent payment language, spelling or formatting issues, and requests to provide card details through an unverified page.
Why These Scams Are Convincing
Traditional phishing attempts are often generic and easier to identify. These reservation-related scams can be more convincing because they may reference real travel details such as the hotel name, stay dates, guest name, or booking information.
Because the guest may recognize some of the details in the message, they may be more likely to trust the sender or act quickly without verifying the request.
This is why properties should proactively educate staff, communicate with guests when appropriate, and encourage guests to verify suspicious payment or reservation-related messages directly with the property.
Our Review of Reported Incidents
ASI has reviewed reported incidents involving suspicious reservation-related messages sent to guests.
The suspicious messages were not generated or sent through ASIPMS.
We do not currently have evidence that ASIPMS sent these phishing communications.
We have implemented additional safeguards & tools to help properties reduce risk & communicate proactively with guests.
Because phishing campaigns can involve many systems across the guest booking journey, including email, staff accounts, OTA accounts, booking platforms, and third-party services, we encourage properties to review their broader security practices in addition to using the ASIPMS tools described below.
ASIPMS Security Enhancements
Guest Broadcast Feature
ASIPMS now allows properties to send informational emails to guests with upcoming reservations.
This feature can be used to proactively warn guests about reservation-related phishing scams, clarify how your property communicates, and remind guests not to trust suspicious payment links or requests for sensitive information.
To send a guest broadcast:
1. Go to Search Reservation.2. Click Send Email.
3. Load your future reservations.
4. Review or customize the message.
5. Send it to your upcoming guests.
Recommended uses include:
1. Notifying upcoming guests about phishing risks.2. Explaining how your property handles legitimate payment requests.
3. Reminding guests to contact the property directly if they receive a suspicious message.
4. Reinforcing that guests should not enter payment information through unfamiliar or unverified links.
Enhanced Report Security
Reports containing guest or reservation information, including Reservation Detail Reports, are now protected with Two-Factor Authentication.
Before these reports can be exported, a One-Time Password will be sent to the registered Property Owner’s email address for verification.
This additional step is intended to reduce the risk of sensitive reservation information being exported without proper authorization.
Recommended Actions for Properties
1. Notify Upcoming Guests
Use the ASIPMS Guest Broadcast feature to warn upcoming guests about phishing attempts before they receive a suspicious message.
Guests should be reminded to contact the property directly using verified contact information if they receive any message requesting payment, card verification, or urgent reservation action.
2. Train Front Desk and Reservations Staff
Many hospitality phishing campaigns begin by targeting hotel staff, not guests. Staff should be cautious with unexpected emails, attachments, links, calls, or messages related to reservations, guest complaints, invoices, payment verification, or account access.
Staff should not click suspicious links, download unexpected attachments, or provide login credentials unless the request has been verified through a trusted channel.
3. Strengthen Account Security
Properties should review access to ASIPMS, email accounts, OTA portals, booking platforms, and other systems that may contain guest or reservation information.
Recommended practices include:
1. Updating passwords periodically.2. Using strong, unique passwords for each system.
3. Avoiding shared credentials.
4. Removing access for former employees or users who no longer need it.
5. Enabling multi-factor authentication wherever available.
4. Handle Guest Data Carefully
Reservation reports and guest data exports should only be generated when necessary and should be shared only through approved, secure channels.
Avoid forwarding reports, screenshots, or guest details to unauthorized recipients or personal email accounts.
5. Report Suspicious Activity
If a guest or staff member receives a suspicious message, save the message and report it promptly. Details such as the sender address, phone number, link, reservation source, and message screenshot can help identify patterns and support further review.
What To Do If You Receive a Suspicious Message
If your property or one of your guests receives a suspicious reservation-related message
If a guest has already entered card details or made a payment through a suspicious link, advise them to contact their bank or card issuer immediately.
Report an Incident to ASI
If you believe suspicious activity may be related to an ASIPMS reservation or account, please contact ASIPMS Support immediately.
When reporting an incident, include as much of the following information as possible:
1. Property name.
2. Guest name, if applicable.
3. Reservation number, if applicable.
4. Reservation source, such as direct booking or OTA.
5. Approximate booking date.
6. Date and time the suspicious message was received.
7. Screenshot or copy of the message.
8. Sender email address, phone number, or link included in the message.
9. Any action taken by the guest or property.
Frequently Asked Questions
-
Based on our review to date, the reported suspicious messages were not generated or sent through ASIPMS, and we do not currently have evidence that ASIPMS sent these phishing communications.
We are continuing to monitor reported incidents and review available details. If we identify new information that materially changes our understanding, we will update this page.
-
Reservation-related scams can involve multiple systems and communication channels across the hospitality industry, including hotel staff accounts, email accounts, OTA portals, booking platforms, and third-party services.
In some reported industry cases, attackers appear to use real booking details to make messages more convincing. This does not automatically mean a guest’s personal account was hacked, but it does mean the message should be treated carefully and verified through official channels.
-
If a guest clicked a suspicious link but did not enter information, they should close the page and avoid further interaction.
If they entered credit card information, login credentials, or personal details, they should contact their bank or card issuer immediately, monitor their accounts, and change any affected passwords.
-
Properties can use the ASIPMS Guest Broadcast feature to proactively alert upcoming guests, train staff to recognize phishing attempts, strengthen account security, and verify unusual requests before taking action.
-
If you are unsure whether a message is legitimate, do not click links or download attachments. Contact ASIPMS Support directly through your normal support channel for verification.
Additional Industry Resources
The following third-party resources provide additional background on reservation-related phishing scams affecting the hospitality and travel industry:
1. Norton: Reservation Hijack scams: The travel scam that looks like your real hotel booking2. WIRED: Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks
Known Scam Domains
The following domains have been identified as part of phishing campaigns impersonating hotel reservation or confirmation pages. They are not affiliated with ASI PMS or any property using ASI PMS. If a link doesn't match your property's official domain, it should be treated as suspicious.
- confvalenciahotel-suite13853.world
- confvalenciahotel-suite13853.digital
- checkin-ok.world
We can also note that this list will be updated as new domains are identified, and encourage customers to report suspicious domains rather than visiting them.
ASI’s Ongoing Commitment
Join Our Newsletter
Stay ahead with insights, updates, and trends shaping the hospitality industry.
.png?width=80&height=80&name=handshake%20(2).png)