Μake us preferred on Google

Concern is mounting across Greece’s tourism industry following the emergence of a sophisticated cyber fraud scheme targeting travelers who have already made reservations through major online booking platforms such as Booking.com, Expedia and other international services.

The issue came to light after reports from hoteliers in several regions of the country, prompting an official warning from Nikolaos Saroukos, Head of Inspections, Audits and Tourism Development for Thessaly at the Ministry of Tourism. He urged both tourism professionals and travelers to remain vigilant.

According to available information, affected travelers receive SMS messages from international phone numbers, often originating in Latin America. The messages appear to be legitimate booking notifications and instruct recipients to confirm or update payment details through a provided link. Because hotels, travel agencies and booking platforms handle large volumes of personal and financial data, they remain attractive targets for cybercriminals.

Cybersecurity experts describe the scheme as a form of phishing known as “Reservation Hijacking.” Criminals first gain access to hotel accounts or booking data through stolen credentials, system breaches or malware. They then send highly personalized messages via SMS, email, WhatsApp or other channels, using genuine reservation details such as accommodation names, travel dates and customer information. Victims are typically warned of a payment failure, card verification issue, transaction authorization problem or potential booking cancellation.

NEWSLETTER TABLE TALK

Never miss a story.
Subscribe now.

The most important news & topics every week in your inbox.

Recipients who click the link are redirected to a fraudulent website designed to closely resemble a booking platform or hotel portal. There, they are asked to enter credit card details, banking credentials or other sensitive information, which is then harvested by the attackers.

What makes the scam particularly convincing is the use of authentic reservation data. Research cited by cybersecurity specialists suggests that booking information has been exposed through breaches affecting hundreds of hospitality businesses worldwide, enabling criminals to launch highly targeted attacks at scale.

Authorities are also warning tourism businesses about a separate scam involving fake partnership proposals allegedly sent by major airlines. Fraudsters pose as corporate representatives, distribute forged supplier-registration documents and eventually request a refundable “advance payment” to secure collaboration opportunities. Once the payment is made, the perpetrators disappear, leaving businesses with financial losses.