The holiday is booked, the hotel reservation is confirmed, and everything seems in order. Then, just before departure, a message arrives via WhatsApp, claiming that the reservation must be confirmed or it will be cancelled. The message includes a link, a deadline that matches your actual travel dates, and even addresses you by name on your private mobile number.
At first glance, everything seems legitimate, especially as it refers to a real booking. This is precisely what makes the scam so convincing – it targets people who have genuine upcoming hotel stays.
Digging a little deeper, suspicions arise: the message came from a British phone number, and the link it provided did not lead to Booking.com or the hotel's official website, but to an unfamiliar address. The hotel was immediately contacted for clarification, and within minutes a response arrived. "These messages are fraudulent and are not sent by our establishment."
The recipient was advised not to click any links, not to share personal information, and to delete the message immediately. However, the warning was only issued after contact was made; the hotel had not proactively alerted guests to the scam.
The hotel went on to state: "These messages refer to the Lighthouse / Cubilis online booking portal, which manages bookings made through our own website as well as those from OTAs such as Booking.com and Expedia."
Steve Martinelli, Horesca's secretary general, confirmed to RTL that the federation has now received reports of 15 cases involving hotels in Luxembourg. Horesca has notified the relevant authorities, and formal complaints have been filed. In the reported cases, the perpetrators presented themselves as hotel staff and attempted to obtain guests' credit card details.
What sets this campaign apart is that the victims have all made genuine reservations. The fraudulent messages refer to real bookings, making the requests seem plausible and increasing the likelihood that recipients will respond.
According to Horesca, the affected cases mainly involve hotels using the Lighthouse/Cubilis reservation system, although there is currently no confirmed technical link to the scam.
The scammers use various communication channels, including WhatsApp, email, and even the messaging system on Booking.com. In this case, I received both a WhatsApp message and an SMS at the same time.
Even as these scams become more sophisticated, there are still a few red flags travellers should watch for:
If you have received similar messages or have fallen victim to this type of scam, you are welcome to contact me: pierre.weimerskirch@rtl.com
