Hospitality businesses are more reliant than ever on Online Travel Agents (OTAs) like Booking.com, Expedia, and Airbnb. In a challenging hospitality landscape, these platforms are useful for reaching guests, managing bookings, and growing your visibility.

Unfortunately, their popularity also makes them prime targets for scammers.

We’ve seen a worrying rise in fraudulent phone calls and emails from criminals impersonating OTAs. These messages can appear surprisingly legitimate and are designed to trick you into handing over sensitive information — sometimes with devastating consequences.

Freetobook’s Account Manager Heather Scott shares her advice for keeping your hotel safe online.

What OTA Scams Look Like

Fraud attempts often involve:

• Emails that look like they’re from Booking.com or other OTAs

These might include your property name, reference real bookings, or mimic OTA branding perfectly. However, they often contain malicious links or ask you to “verify” your details.

• Phone calls from someone claiming to be OTA support

The caller may say there’s an urgent issue with your listing, a payment problem, or a new policy update that requires your immediate action. They may even tempt you by promising to increase your property’s bookings.

What are they really after? Your Property ID, login credentials, or bank information.

Don’t Fall for it: How to Stay Safe

Here are key ways to protect yourself, your property, and your guests:

1. Never click on suspicious links

If an email urges you to “verify” details, reset your password, or download a file — stop and think. Don’t click. Go directly to the OTA’s official website or app instead.

2. Double-check email addresses

Scammers often use addresses that look close to the real thing, such as support@booking-update.com instead of support@booking.com. Always check the sender’s address carefully.

3. Don’t share your property ID or password

Booking.com, Expedia, and similar services will never ask for your password or Property ID over the phone or email. If someone is asking, it’s a red flag.

4. Use Two-Factor Authentication (2FA)

Enable 2FA on your OTA accounts whenever possible. This adds an extra layer of protection, even if your password is compromised.

5. Train your staff

Make sure your front desk, reservations team, or anyone with access to OTA accounts knows how these scams work. A few minutes of training can prevent major losses.

Vigilance is Your Best Defence

Scammers are becoming more sophisticated. Being aware and cautious can stop them in their tracks.

If you ever doubt the legitimacy of a message or call:

• Hang up or ignore the email
• Don’t click on any links
• Contact the OTA directly through their official support channels
• Report the suspicious email to your email provider so they can identify it as a scam and prevent it from affecting other people

Cybercriminals rely on urgency and fear of missing out on bookings to trick you into acting quickly — don’t give them the chance. Safeguard your property, your guests, and your reputation too. If something feels off, trust your instincts, pause, and double-check.