ABC News Australia discusses 'reservation hijacking' scams on travel booking platforms, where criminals pose as hotels and pressure travelers into off-platform payment or identity-theft schemes. The guest says the risk comes from the fragmented travel-booking supply chain, where major aggregators may be secure but smaller hotel providers may have weaker cybersecurity and training.
Watch on YouTube ›Get the market thesis, key claims, assets, contradictions, and follow-up questions from any financial video — then unlock a version personalized to your portfolio, watchlist, and favorite speakers.
The segment centers on a travel scam ABC describes as 'reservation hijacking' and warns holidaymakers to be careful about sharing personal details online. The setup references Booking.com customers being warned in April after a data breach, and then moves into an interview with Daswin de Silva, Professor of AI and analytics at La Trobe University, about how the scam works and how travelers can protect themselves. De Silva frames the problem as a kind of 'tourist theft' in which cybercriminals impersonate hotels and contact customers directly. He says the initial goal is often to push victims into off-platform financial transactions, but that the scam can escalate into identity theft or even physical theft if criminals learn travelers are away from home. …
Near term, the actionable risk is traveler phishing around real reservations, especially urgent payment or ID requests that arrive off-platform. The immediate defense is verification through the original booking channel and skepticism toward any request that bypasses it.
Over the next few months, the base case is continued scam activity unless booking platforms and hotel partners tighten identity-handling and alerting. Confirmation would come from better platform controls; invalidation would be a visible drop in spoofed-message incidents.
Long term, this points to a structural trust problem in digital travel commerce: fragmented third-party data flow creates persistent fraud exposure. The lasting fix likely requires platform-level redesign of identity and payment handoffs, not just consumer caution.
Reservation hijacking is a scam where criminals pose as hotels to trick travelers into off-platform transactions or identity theft.
Direct description of the attack mechanism and likely harms.
The travel-booking ecosystem is vulnerable because it is a vast, interconnected supply chain with uneven cybersecurity among smaller providers.
Explains the structural reason the scam works.
The attack is not very sophisticated and is closer to social engineering than advanced hacking.
He minimizes technical complexity and compares it to prior hacks.
Is scamming a common occurrence on online travel platforms, and how does it actually happen?
Daswin explains this is a type of 'reservation hijack' — a new kind of tourist theft where cybercriminals pretend to be hotels, tricking customers into off-platform financial transactions, identity theft, or even physical theft. The vulnerability comes from the complex supply chain: while booking.com itself is secure, smaller hotels may lack up-to-date cybersecurity. The attack itself is a social engineering attack, similar to the Qantas hack from last year.
Why is the information shared on booking platforms so valuable, and have we been conditioned to overshare?
Daswin agrees, describing a 'very clear information asymmetry' where users trade highly intimate personal information — passport, name, address, email, phone — willingly to unknown third parties. He notes financial info wasn't compromised in this particular hack, but says it's significant asymmetry that needs addressing by the third-party provider to protect their reputation.
Is it difficult to avoid sending passport copies when booking online since travel websites require that information?
Daswin says booking.com as a large provider could be proactive by acting as a third-party trusted authority holding encrypted passport data for smaller providers. He also advises customers to look for hotels that don't require this information upfront and will verify ID at check-in, and to seek options with clearer security guarantees.
Unlock the full claims, asset map, scores, related transcripts, follow-up questions, and AI chat — shaped around your portfolio, watchlist, favorite speakers, and risks.
