‘Reservation Hijacking’ Scams Target Travelers. Here’s How to Stay Safe

“预订劫持”诈骗盯上旅客，教你如何防范

There’s another type of digital scam to be aware of, as per the BBC. It’s called “reservation hijacking.” 据英国广播公司（BBC）报道，有一种新的数字诈骗需要引起警惕，它被称为“预订劫持”（reservation hijacking）。

The name gives you a clue as to how it works. Essentially, scammers use details about a booking you’ve placed (perhaps with a hotel or airline) to trick you into sending money somewhere you shouldn’t. 从名字就能看出它的运作方式。本质上，诈骗者会利用你已有的预订信息（例如酒店或航空公司订单），诱骗你将钱款汇入不该汇入的账户。

While this type of scam isn’t brand new, a recent data breach at Booking.com has raised the risk of people being caught out. With data about you and your reservation, a far more convincing setup can be put in place—why wouldn’t you believe that someone purporting to be an employee from a spa you’ve got a reservation with is telling the truth about who they are, especially if they know the dates of your trip, your phone number, and your email address? 虽然这种诈骗并非新鲜事，但 Booking.com 最近发生的数据泄露事件增加了人们中招的风险。掌握了你和你的预订信息后，骗子可以编造出极具说服力的骗局——如果对方准确说出了你的行程日期、电话号码和电子邮箱，你又怎会怀疑对方不是你所预订的温泉酒店员工呢？

According to Booking.com, no financial information was exposed in the April 2026 hack. However, names, email addresses, phone numbers, and booking details have been leaked. The travel portal says affected customers have been emailed about the heightened risk of scams, so that’s the first thing to check for when it comes to staying safe. 据 Booking.com 称，2026 年 4 月的黑客攻击中没有财务信息泄露。然而，姓名、电子邮箱、电话号码和预订详情已被泄露。该旅游平台表示，已通过电子邮件通知受影响的客户注意诈骗风险增加，因此，这是确保安全时首先要检查的内容。

Minimizing the risk of getting scammed by a reservation hijack involves many of the same security precautions you may already be following, and just being aware that this is a way you might be targeted will make a difference. 降低“预订劫持”诈骗风险的方法，与你可能已经在遵循的许多安全预防措施相同，仅仅是意识到自己可能成为目标，就能起到很大的防范作用。

How Reservation Hijacks Work

“预订劫持”是如何运作的

We’ve already outlined the basics of a reservation hijack, but it can take several forms. As with other types of scams, it tends to evolve over time. The basic premise is that someone will get in touch with you claiming to be from a place you have a reservation with, whether it’s a car rental company or a hotel. 我们已经概述了“预订劫持”的基本原理，但它有多种表现形式。与其他类型的诈骗一样，它也会随着时间推移而演变。其基本前提是，有人会联系你，声称自己来自你预订过服务的机构，无论是租车公司还是酒店。

The scammers will try to pull together as much information as they can on you and your booking. Sometimes they’ll target employees of the place you’ve got the reservation with in order to get access to their systems, and other times they may take advantage of a wider data breach (as with the recent Booking.com hack). 诈骗者会试图收集关于你和你的预订尽可能多的信息。有时他们会针对你预订机构的员工进行攻击以获取系统访问权限，有时则会利用更大规模的数据泄露（如最近的 Booking.com 黑客事件）。

They might also get information through other means. Maybe they’ve somehow got access to your email, or to some of your social media posts (where you’ve shared your next vacation destination and a countdown of how many days are left to go). Don’t be caught out if you find yourself speaking to someone who knows a lot about your travel plans. 他们也可能通过其他方式获取信息。也许他们以某种方式访问了你的电子邮件，或者查看了你的社交媒体帖子（你在上面分享了下一个度假目的地和倒计时天数）。如果你发现对方对你的旅行计划了如指掌，千万不要掉以轻心。

The end goal of the scam will typically be to try and get some kind of payment out of you related to the reservation. Requesting a bank transfer or details of a credit card are tactics that are regularly used, which will of course be routed to the scammers rather than the hotel or travel company you think you’re dealing with. 诈骗的最终目的通常是试图让你支付与预订相关的费用。要求银行转账或提供信用卡详细信息是常用的手段，这些钱款当然会汇入诈骗者的账户，而不是你以为的酒店或旅游公司。

Scam attempts can come through emails and text messages as well as phone calls, and as is often the case with these kinds of criminal activities, some kind of urgency may be introduced—perhaps you’ll need to pay quickly to secure your reservation, or there’s been a mix-up with payment processing that needs to be rapidly rectified. 诈骗尝试可能通过电子邮件、短信或电话进行。正如这类犯罪活动的常见套路一样，骗子可能会制造紧迫感——例如，你需要尽快付款以确保预订，或者支付处理出现了差错需要立即纠正。

Avoid Being Caught Out

如何避免中招

At its core, reservation hijacking scams operate the same way as many other scams: You’re contacted by someone who isn’t who they’re pretending to be. No matter how many details they might have about your bookings or travel plans, you shouldn’t engage with anyone asking you for money until you’ve verified their identity. 从本质上讲，“预订劫持”诈骗与其他许多诈骗的运作方式相同：联系你的人并非他们所声称的身份。无论他们掌握了多少关于你预订或旅行计划的细节，在核实对方身份之前，都不应与任何向你索要钱财的人进行交易。

If you do have any doubt, ask if you can contact them—via whatever medium they’ve used. If someone is falsely claiming to be from a hotel and you ask if you can call the hotel back, the ruse very quickly falls apart. You should be particularly cautious when questions are asked of you, even if it’s just to “confirm” some details. 如果你有任何疑问，请询问是否可以通过他们使用的媒介回拨联系。如果有人冒充酒店员工，而你提出要回拨酒店电话核实，骗局很快就会被拆穿。当对方询问你问题时，即使只是为了“确认”某些细节，你也应该格外谨慎。

Booking.com told the BBC that it will never ask customers to share credit card information over the phone, email, or text. The company also will never ask customers to make any kind of payment (like a bank transfer) that’s different from the payment details in their booking. Booking.com 向 BBC 表示，绝不会要求客户通过电话、电子邮件或短信分享信用卡信息。该公司也绝不会要求客户进行任何与预订详情中不同的付款方式（如银行转账）。

Sticking to official communication channels and apps is essential when trying to protect yourself against these and other scams. Bad actors looking to make money from you will have to operate outside these official channels, because they’re not official. As always, don’t rush into anything, which the scammers will almost always try and make you do. 在防范这些及其他诈骗时，坚持使用官方沟通渠道和应用程序至关重要。试图从你身上获利的坏人必须在这些官方渠道之外操作，因为他们并非官方人员。一如既往，不要仓促行事，而这正是诈骗者几乎总是试图让你做的事情。

All of the standard security practices still apply too. Secure your accounts with strong, unique passwords that you don’t share with anyone and which are impossible to guess. And if the accounts you’re using offer two-factor authentication (as Booking.com does), where a verification code is needed in addition to a username and password, turn it on. 所有标准的网络安全做法同样适用。使用强大且唯一的密码保护你的账户，不要与任何人分享，并确保密码难以被猜到。如果你的账户提供双重身份验证（如 Booking.com），即除了用户名和密码外还需要验证码，请务必开启它。