New cybersecurity research reveals that travel booking fraud is rising sharply, fuelled by time pressure, rising costs, and increasingly convincing fake communications. The scams are no longer obviously crude — and experienced travelers are not immune.
There is a particular vulnerability that comes with booking travel under pressure. The flight deal expires in twenty minutes. The hotel confirmation looks slightly off but it’s late and the trip is next week. The instinct to click first and verify later is exactly what the fraud industry is built on — and according to new research, it is working at scale.
A survey of 1,000 Americans conducted by cybersecurity company McAfee found that 38% have encountered a travel-related scam. Of those, 41% lost money as a result, and nearly half of that group lost more than $500. The findings, released ahead of the summer travel season, point to a fraud landscape that has grown considerably more sophisticated — and more difficult to distinguish from legitimate communications.
A striking 90% of respondents reported feeling pressure to book quickly — a behavioral pattern that scammers are specifically designed to exploit. Urgency is the mechanism. A fake booking confirmation arrives with a problem requiring immediate action. A too-good-to-be-true deal on a villa in Portugal has only two rooms left. The goal, as one analysis put it, is to panic the traveler just enough to make them click before they think. A further 32% said they would book a trip before confirming the legitimacy of the site or offer.
McAfee Labs research also found that well-known travel brands are being impersonated at scale, making it genuinely difficult for consumers to distinguish real communications from fraudulent ones. The imitations are no longer obviously fake. They replicate logos, colour schemes, and the precise tone of automated booking systems. Fake booking confirmations and travel updates were among the most commonly encountered scam formats — messages designed to look like they came from airlines, hotels, and major booking platforms.
The practical exposure points are worth knowing. Third-party booking sites that appear in search results but operate outside official brand channels carry the highest risk — a convincing domain name and a professional-looking checkout page are not, by themselves, indicators of legitimacy. Public Wi-Fi at airports and hotels remains a known vulnerability for intercepting payment and login data. And any communication — email, SMS, or otherwise — that creates urgency around an existing booking should be treated with suspicion until verified directly through the airline or hotel’s official site.
For travelers with significant trip investments — business class flights, boutique hotel stays, multi-week itineraries — the financial stakes of a successful scam are considerable. The loss of a $500 deposit is painful; the loss of a $5,000 trip package is a different matter altogether. Booking directly with airlines, hotels, and established operators where possible, and verifying any unexpected communications through official channels rather than embedded links, remains the most reliable protection. In a fraud landscape shaped by AI-generated imitations and scaled impersonation operations, a moment’s pause before clicking has rarely been more warranted.
Amanda O’Brien is the creator and editor of The Boutique Adventurer. She has visited 80 countries and is a member of the British Guild of Travel Writers as well as the IFTWTA. She is passionate about wine had has just completed Level 3 of the WSET. Born in Australia, she lives in London.