Scammers use leaked travel booking data to defraud tourists
Swedish police report a rise in scams where fraudsters exploit leaked data from travel booking sites to trick tourists into handing over money, SVT reports.
Jan Olsson of the National Operations Department (Noa) warns that even if a message appears credible, caution is essential. He notes that while many know not to share bank details with unknown parties, such scams still succeed.
Data breaches can affect any company, including booking platforms. Scammers now use details provided by travelers—such as trip dates and payment methods—to contact them via WhatsApp, posing as the booking site. Messages often claim an issue requires verification, prompting victims to confirm their booking by entering credit card details, which the fraudsters then steal. In some cases, victims are tricked into paying for the same trip a second time.
Olsson highlights that while many recognize phishing emails, WhatsApp messages are harder to verify. He advises skepticism whenever a company requests personal data, especially under urgency. Another red flag is when a business insists on moving communication to closed platforms like WhatsApp or Telegram.
“Pause for a second and maintain a healthy suspicion,” Olsson says. “Think: ‘This sounds odd. Why do they need this information?’ Those few seconds of reflection can prevent falling victim.”
Victims should contact police and their bank, though recovery is unlikely if they voluntarily shared their details. Olsson adds that booking sites must also protect customer data and notify users of breaches, though no system is foolproof.