This dreadful scam targets hotel guests around the world. Here is the well-oiled mechanism of these scammers, to make you pay a high price for your stays.
Going on vacation is not for everyone. Between transportation, accommodation, restaurants and other on-site activities, the bill can quickly become steep. For many French people, and especially families, these trips require saving well in advance so as not to dig a hole in the budget for the year! So imagine, if you had to pay twice for your hotel reservation… Unfortunately, it’s very possible because of a new type of scam that targets hotel customers all over the world.
The scam seems devilishly simple: you receive an email or even a Whatsapp message, allegedly from your hotel. Everything is perfectly credible: the tone is professional, your name and that of the establishment are given, the dates of the stay are correct, and the precise amount of payment is indicated without the slightest error. There, you are asked to verify your banking information because of a new policy of the booking platform, most of the time Booking or Expedia. On internet forums, many think of a hacking of data from the travel site itself. However, the scam is much more sophisticated.
Even before vacationers, it is the hotels that are targeted by this vast scam: hackers directly target establishments, which are much less secure than major sites like Booking. An email is sent, claiming for example a last-minute reservation request, with a link to a fraudulent site perfectly identical to that of Booking. Once the receptionist or hotel manager falls for the trick, malware is installed on the computer and the hackers have access to all the information: guest names and addresses, reservation dates, etc. Data which is then resold on the dark web, where scammers simply use it to then launch very credible phishing campaigns.
Hotels are therefore both victims and accomplices, despite themselves, of the scam. But for the customers who have been fooled, the penalty is double: they have therefore paid the hotel once, and end up making a second payment to the hackers. It’s not for nothing that this scam is called “I paid twice”, literally “I paid twice” in French. It was the company Sekoia, specializing in IT security, which investigated this vast campaign and revealed its well-established operating procedure.
Unfortunately, there is no miracle solution to avoid this trap which has been circulating at least since April 2025, and which continues to grow throughout the world. To protect yourself, the only real reflex to adopt is to never click on a link in a message, and to always go to the official site yourself. But there are also “scam blockers” to install on your phone or computer, which detect fraudulent links and block access to them.
