Behind the boom in travel, a shadowy trend is gaining ground—criminals are using stolen data to book real vacations for unsuspecting buyers.
Fraudulent travel agencies operating on the dark web are exploiting stolen credit cards and loyalty accounts to offer luxury travel at seemingly unbeatable prices.
According to a July 17, 2025, Wall Street Journal investigation, underground travel “agencies” are using real booking platforms to secure legitimate flights, hotels, and car rentals using stolen credentials.
The scam — known as triangulation fraud — has contributed to an estimated US$37 billion in global losses over the past year.
Cybercriminal groups, identified by Trustwave SpiderLabs, openly advertise travel services via Telegram and dark web marketplaces, offering everything from round-the-world airline tickets to destination weddings at deep discounts.
RELATED: Travel Industry Solutions Launches Fraud Prevention Service for Travel Advisors
Trustwave’s research has highlighted the increasing sophistication of cybercriminals in the hospitality sector, including the rise of dark web travel agencies.
According to Gemini Advisory, the range of services offered includes accommodations, flights, wedding ceremonies, vehicle and boat rentals, helicopter tours, and excursions.
Travellers in the Crosshairs
According to experts, while the fraud is global, Canadian travellers and loyalty programs are being directly impacted:
- The Canadian Anti-Fraud Centre (CAFC) reported over $530 million in fraud losses in 2023, with credit card and identity theft among the top categories.
- Montreal-based Flare Systems has flagged a rise in phishing campaigns impersonating Canadian travel brands like Air Canada and WestJet, used to harvest login credentials and exploit reward programs.
- Fraudulent bookings, traced by cybersecurity firms, often involve departures that are booked just hours before departure to bypass fraud filters.
As documented by multiple sources, because the bookings are technically legitimate, travellers often complete their trips unaware they were booked illegally — until they’re contacted by a bank, airline, or law enforcement agency weeks or months later.
How the Scam Works
- A traveller sees a “deal” advertised through Telegram, a social group, or a suspicious OTA.
- They pay a discounted rate to the fraudulent agency, often by e-transfer or crypto.
- The scammer uses stolen card data to make a real booking on an airline or hotel website, under the buyer’s name.
- If the stolen payment fails, the scammer quickly rebooks using different credentials, keeping the fraud undetected until it’s too late.
RELATED: Scam Alert: Travel Traps to Watch for in 2025
Stolen passports, boarding passes, and loyalty accounts are also sold on dark web forums, according to The Sun.
Advice for Travellers
DO:
- Book only through trusted travel agencies or direct airline/hotel websites.
- Use a credit card (not e-transfer or crypto) to gain fraud protection.
- Set up alerts on your credit card and loyalty accounts for unusual activity.
DON’T:
- Trust travel deals that seem “too good to be true.”
- Share loyalty or ID information outside official brand channels.
- Ignore last-minute booking notifications you didn’t make — even if they’re under your name.
RELATED: Have You Done All You Can to Protect Yourself From Cyber Crime?
Industry Response
Travel providers and banks are under pressure to improve fraud detection, including:
Topics From This Article to Explore
link
More Stories
Laptop prices could jump dramatically this year as RAM shortages and rising CPU costs squeeze notebook makers worldwide
Loblaw confirms data breach – Canadian retail giant says ‘basic customer information’ affected
How to Make a Killing review: a serial killer story should not be this boring