What is fake hotel listing and booking fraud?

A family of online scams targeting tourists during the booking phase of travel planning. Operators create cloned property listings on Booking.com / Hotels.com / Expedia / Airbnb / Agoda using stolen photos and fabricated property details; tourists pay deposits or full prepayments; the property does not exist or does not match the listing. Variants include off-platform payment redirects (host messages tourist to pay via Wise / PayPal for a discount), Google Maps phantom-hotel listings (fake property with bot reviews), WhatsApp travel-agent fake packages (pre-arrival quotes with fabricated booking screenshots), and last-minute booking-cancelled redirect calls (fake reception phones tourist en route to claim their booking was cancelled and redirect to a commission hotel). Documented globally since approximately 2010 with platform-mediated fraud growing 300 percent 2018-2024.

What is the Booking.com clone listing variant?

Operator creates a Booking.com listing using stolen photos from a real different property (often in another city or country), invented property details, and competitive pricing. The listing accepts deposits or full prepayments. The property does not exist; the address points to a vacant lot, a residential building unrelated to hospitality, or a closed property. Tourist arrives to find no hotel; Booking.com Trust and Safety investigates and removes the listing. Refund flow is via the original card transaction (chargeback) since Booking.com does not directly hold the prepayment in this variant. Defense: multi-source verification rule plus reverse-image-search rule before paying any deposit.

What is the Airbnb off-platform payment redirect?

Tourist finds a legitimate-appearing Airbnb listing, messages the host with booking inquiry. The host responds within Airbnb messaging that they would prefer payment outside the platform via Wise / PayPal Friends-and-Family / Western Union / bank wire to avoid Airbnb fees, sometimes offering a 15-25 percent discount as incentive. Tourist sends payment off-platform; the host disappears; the property either does not exist or is a different unrelated property. Airbnb Trust and Safety has no record of the booking (since payment was off-platform); refund channel is closed unless tourist can chargeback the off-platform payment (Wise / PayPal Friends-and-Family / Western Union / wire all decline). Defense: never agree to off-platform payment; report off-platform requests to Airbnb immediately.

What is the Google Maps phantom hotel listing?

Operator creates a Google Business listing for a non-existent hotel at a real address (vacant lot, residential building, closed property). The listing has stolen photos, bot-generated reviews (often 30-100 reviews appearing within a 2-3 month window before tourist season), and a phone number that rings to the operator. Tourist finds the listing on Google Maps, books directly through a fake hotel website linked from the listing, pays via card. The card transaction processes through a legitimate-appearing payment gateway. Tourist arrives to find no hotel. Google Business Trust and Safety removes the listing on report; chargeback via card issuer is the recovery channel. Defense: cross-check Google Maps listing against TripAdvisor and Booking.com presence; verify Google Street View shows an actual hotel building; phone the hotel directly via the number on its independent website.

What is the WhatsApp travel-agent fake-hotel package?

Tourist messages a WhatsApp / Telegram / Facebook travel agent (often found via tour-package ad on Instagram or Facebook). The agent quotes a multi-night hotel-plus-flight package with photos and screenshots showing the booking confirmation. Tourist pays via Wise / Western Union / bank wire to the agent. The hotel booking does not exist; the screenshots are fabricated using image editor. The agent disappears; the WhatsApp number stops responding; the Facebook profile is deleted. Common in Italian, Thai, and Mexican tourist routes. Defense: book hotels and flights only through licensed travel platforms (Booking.com, Hotels.com, Expedia, Skyscanner, Kayak, Agoda); never wire money to a private travel agent without an in-person office and a trade-association registration number.

What is the last-minute booking-cancelled redirect call?

Tourist has a confirmed legitimate hotel booking. En route to the hotel (typically from airport, sometimes during taxi ride), the tourist receives a phone call from someone claiming to be the hotel reception. The caller says: 'unfortunately your booking was cancelled due to overbooking / water damage / staff strike / fire alarm; we have arranged an upgrade at our partner hotel; please come to [different address].' The partner hotel pays 30-50 percent commission on any tourist transferred this way and prices are inflated 50-100 percent above standard rate. Tourist either agrees to the redirect or returns to verify. Sometimes the tourist's actual booking is held; the redirect operator just intercepts the journey. Defense: phone the hotel directly using the number from the hotel's official website (not the number from the redirect call); verify the cancellation claim with reception by name and reservation ID.

Why does the platform-only-payment rule work?

Booking.com / Hotels.com / Expedia / Airbnb / Agoda all maintain Trust and Safety teams, hold prepayments in escrow until property delivery in some cases, and process payments through card networks with chargeback rights. The platform is positioned to mediate booking disputes: if the property does not match listing or does not exist, the platform refunds via the card transaction. Off-platform payments (Wise, PayPal Friends-and-Family, Western Union, bank wires, crypto) lose three layers of protection: card chargeback rights, platform mediation, and platform enforcement. The platform-only-payment rule is the foundation of online-booking safety.

Fake Hotel Listing & Booking Fraud: 2026 Atlas

Q: What languages should I use to refuse off-platform payment requests?

English (universal): I will only pay through the platform; please send me an Airbnb / Booking.com payment link. Spanish (Mexico / Spain): Solo voy a pagar por la plataforma; envieme el enlace de pago. Italian (Italy): Pagherò solo attraverso la piattaforma; inviatemi il link di pagamento. Thai (Thailand): Phom / Chan ja chamra phan plat-form thaonan; sa-kha lin gnung jak. Said firmly in messaging; if the host pushes back, report to Airbnb / Booking.com Trust and Safety immediately. Real licensed hosts and hotels accept platform payments without negotiation; resistance to platform payment is the diagnostic for the variant.

By Bernard Huang

Editor, tabiji.ai · Published May 1, 2026

Fake hotel listing booking fraud four-panel comic illustration: a tourist couple in a Rome airport taxi looking at a Booking.com listing on a smartphone showing an ornate hotel lobby, the same couple standing in front of a residential apartment building at the listing address with rolling suitcases and confused expressions, the Booking.com Trust and Safety chargeback flow on a laptop screen with a refund-issued notification, and the multi-source verification defense shown by another tourist couple checking Google Street View, TripAdvisor, and the hotel direct website all matching the property before paying their deposit.

Fake hotel listing and booking fraud runs five mechanics targeting tourists during the online booking phase of travel: Booking.com clone listings (operator creates fake property listing with stolen photos; tourist pays deposit; property does not exist), Airbnb off-platform payment redirect (host messages tourist to pay via Wise / PayPal Friends-and-Family / Western Union for a discount; tourist loses all platform protection), Google Maps phantom hotel listing (fake Business listing with bot reviews at a vacant lot or residential building; tourist arrives to find no hotel), WhatsApp / Telegram / Facebook travel-agent fake-hotel package (pre-arrival quote with fabricated booking screenshots; tourist wires money; agent disappears), last-minute booking-cancelled redirect call (fake reception phones tourist en route claiming the booking was cancelled and redirecting to a commission hotel at 50-100% inflated rate). Documented globally with concentration in Italy, Thailand, Mexico, Indonesia, Vietnam; growing 300% 2018-2024 with platform-mediated fraud. The universal defenses are two rules: the platform-only-payment rule (pay only through the platform you booked on; off-platform payments lose card chargeback rights, platform mediation, and Trust-and-Safety enforcement) and the multi-source verification rule (verify the property exists across Google Maps with Street View, TripAdvisor with 50+ reviews spanning 18+ months, and the hotel's own direct website before paying any deposit). Recovery channel: credit-card chargeback within 60 days; Booking.com / Airbnb Trust-and-Safety reporting; Italian / Thai / Mexican consumer-protection consulates.

📋 Browse the full Atlas 🌐 Fake booking website fraud 🛬 Airport arrival scams

A scene · Rome Trastevere · 18:42

"Hotel Trastevere View, this address — but no hotel signage."

You and your travel partner have just arrived in Rome by Leonardo Express train from Fiumicino airport. Termini Station, taxi to Trastevere, fifteen minutes through Roman evening traffic. The address you booked is on Vicolo del Cinque, a narrow street north of Piazza Trilussa. The booking was on Booking.com three weeks ago: Hotel Trastevere View, 4-star, ornate Roman lobby in the photos, deposit charged 280 EUR for two nights, balance due at check-in (170 EUR). Total trip cost: 450 EUR for two nights including the deposit.

The taxi drops you at the address. You stand on the cobblestones with rolling suitcases. The building in front of you is a four-story Roman apartment building. No hotel signage. No reception. No lobby. The street-level door is a residential entrance with eight name plates next to the buzzer. None of the names matches Hotel Trastevere View.

You check the Booking.com confirmation on your phone. Address matches. Reservation ID matches. Hotel name matches. You phone the number on the booking. It rings; nobody answers. You phone again; voicemail in Italian, no name. You walk around the building looking for any side entrance, any signage. Nothing.

You ask the buzzer-list at the residential door. A neighbor on the third floor answers in Italian: there has never been a hotel at this address. The building is residential apartments, has been for forty years. You show her the Booking.com listing on your phone with photos. She shrugs: those photos look like Hotel Eden, near Via del Babuino, but that is not here.

You google Hotel Eden Rome. The Hotel Eden is a real 5-star hotel in Rome, with the same lobby photos that appeared on Hotel Trastevere View's Booking.com listing. The photos were stolen. Hotel Trastevere View does not exist. The 280 EUR deposit went to an operator account; the 170 EUR balance you would have paid at check-in went into the operator's pocket if you had not been able to verify on-arrival.

You sit on a stoop and open Booking.com. You navigate to the listing — it is no longer there, removed by Booking.com Trust and Safety in the last 48 hours (you can see the listing was active when you booked three weeks ago). You file a Booking.com support ticket from the in-app help. You receive an automated reply: confirmed phantom listing, chargeback initiated, full refund processed within 7-14 days via your original payment card.

You take a photo of the residential building, of the buzzer list, of the empty street. You and your partner walk to a different real hotel two blocks away (Hotel Santa Maria, real and licensed). Pay walk-in rate 220 EUR for one night. Return to your home country tomorrow with the Booking.com Trust and Safety case open. Six days later the 280 EUR refund posts to your card.

This is the canonical Booking.com clone-listing fraud, executed at one of the most-documented scam-prone European tourist cities. Booking.com Trust and Safety processes thousands of phantom-listing reports per year; the platform-mediated chargeback path recovers most deposits within 7-14 days; the variant has run continuously since approximately 2010 with major spike during 2018-2024. Recovery rate via Booking.com is approximately 80-90 percent for prepaid deposits charged to credit cards.

The defense is two rules. The platform-only-payment rule: pay only through the platform; the platform-mediated chargeback path is the recovery channel. The multi-source verification rule: before booking, verify the property exists across Google Maps with Street View, TripAdvisor with 50+ reviews spanning 18+ months, and the hotel's own direct website. The 5-minute multi-source check before paying any deposit eliminates 90+ percent of fake-listing fraud.

That is the Rome Trastevere variant of the fake-hotel-listing family, executed at the most-documented European booking-fraud location. The rest of this page is the five-mechanic playbook, the four other places and methods (Airbnb off-platform redirect, Google Maps phantom, WhatsApp travel-agent, last-minute redirect call), and the two rules that defeat every variant.

Read the full Rome scam guide →

Key Takeaways

The platform-only-payment rule: pay only through Booking.com / Hotels.com / Expedia / Airbnb / Agoda. Off-platform payments lose card chargeback, platform mediation, Trust-and-Safety enforcement.
The multi-source verification rule: cross-check Google Maps Street View, TripAdvisor (50+ reviews / 18+ months), and the hotel's direct website before paying.
Reverse-image-search the listing's hero photo via Google Images or TinEye. Stolen photos return matches at the original different property.
Phone the hotel directly using the number from its independent website (NOT the booking platform listing). Confirm the reservation by name and ID.
Recovery channel: credit-card chargeback within 60 days. Wise, PayPal Friends-and-Family, Western Union, bank wire, crypto have no equivalent recovery; consider those amounts lost.

The platform-only-payment rule and the multi-source verification rule

Every variant of fake hotel listing and booking fraud is defeated by the same two rules. The platform-only-payment rule: pay only through the platform you booked on (Booking.com, Hotels.com, Expedia, Airbnb, Agoda). Never agree to off-platform payment via Wise, PayPal Friends-and-Family, Western Union, bank wire, or cryptocurrency. The multi-source verification rule: before booking, verify the property exists across at least three independent sources (Google Maps with Street View, TripAdvisor with 50+ reviews, the hotel's own direct website).

The first rule addresses the recovery-channel asymmetry. Platform payments through Booking.com / Hotels.com / Expedia / Airbnb / Agoda flow through credit-card networks (Visa, Mastercard, Amex) with chargeback rights, and through platform Trust-and-Safety teams that mediate disputes. If a property does not exist or does not match the listing, the platform initiates a refund via the original card transaction; chargeback succeeds in 80-90 percent of phantom-listing cases. Off-platform payments (Wise, PayPal Friends-and-Family, Western Union, bank wires, crypto) have no equivalent channel. Western Union and bank wires are non-reversible by design; PayPal Friends-and-Family transactions waive buyer protection by definition; Wise transfers are non-disputable for service-misrepresentation; crypto is by nature irreversible. Recovery rate for off-platform fraud is under 5 percent.

The second rule addresses the listing-verification asymmetry. Phantom listings on Booking.com / Google Maps / Airbnb fail at least one of the multi-source checks: stolen photos return matches at the original different property in reverse image search; Google Street View shows a residential building or vacant lot at the listing address; TripAdvisor has no listing at all or only a recent listing with bot-pattern reviews; the hotel name returns no organic search result for an official website. The 5-minute multi-source check before paying any deposit eliminates 90+ percent of fake-listing fraud at zero cost.

The third defense is the reverse-image-search rule. Run reverse image search on the listing's hero photo using Google Images (right-click image, search) or TinEye (tineye.com). Stolen-photo listings will return matches at the original property, often a different city or different name. Genuine listings return matches at the same property. The 60-second reverse-image-search step before booking is the single most effective fraud-detection tool when used together with multi-source verification.

The fourth defense is the direct-call verification rule. Phone the hotel directly using the number from the official hotel website (NOT the number on the booking platform listing or in messages from the host). Confirm your reservation by name, dates, and reservation ID. Real hotels answer with the property name and confirm the booking; phantom hotels do not have a working phone, or the number rings to a confederate who improvises. The direct-call verification catches the booking-cancelled redirect variant in particular.

The fifth defense, when fraud is confirmed: file a credit-card chargeback within 60 days of the disputed transaction. Required documentation: booking confirmation, photos of the absent or substituted property, communication log with host or platform, and the platform's case-resolution result. Booking.com Trust-and-Safety reports submit through the in-app help center; Airbnb reports through the Resolution Center; Google Business reports through the Maps Business listing flag function. Credit-card chargebacks succeed in 60-80 percent of fake-listing cases when filed within the 60-day window with complete documentation.

The five mechanics

Fake hotel listing and booking fraud runs in five distinct mechanics across major tourist destinations. The mechanic is online-mediated; the platform and recovery channel vary by variant.

1. Booking.com / Hotels.com clone listing

The canonical online-mediated variant. Operator creates a Booking.com or Hotels.com or Expedia listing using stolen photos from a real different property, invented property details, competitive pricing. Listing accepts deposits or full prepayments via credit card. Property does not exist; address points to vacant lot, residential building, or closed property. Tourist arrives, no hotel. Booking.com Trust-and-Safety investigates and removes listing; chargeback via card issuer is recovery. Documented continuously since 2010; Booking.com processes thousands of phantom-listing reports per year. Defense: multi-source verification rule plus reverse-image-search rule before paying.

2. Airbnb off-platform payment redirect

Tourist finds legitimate-appearing Airbnb listing, messages host with booking inquiry. Host responds within Airbnb messaging asking for off-platform payment via Wise / PayPal Friends-and-Family / Western Union / bank wire to avoid Airbnb fees, often offering 15-25% discount as incentive. Tourist sends payment off-platform; host disappears; property does not exist or is different unrelated property. Airbnb Trust-and-Safety has no record of booking (payment was off-platform); refund channel closed. Defense: never agree to off-platform payment; report off-platform requests to Airbnb immediately via Resolution Center.

3. Google Maps phantom hotel listing

Operator creates Google Business listing for non-existent hotel at real address (vacant lot, residential building, closed property). Stolen photos, bot-generated reviews (typically 30-100 reviews appearing within 2-3 month window before tourist season), phone number rings to operator. Tourist finds listing on Google Maps, books directly through fake hotel website linked from listing, pays via card. Card transaction processes through legitimate-appearing payment gateway. Tourist arrives, no hotel. Google Business Trust-and-Safety removes listing on report; chargeback via card issuer is recovery. Defense: cross-check Google Maps listing against TripAdvisor and Booking.com presence; verify Street View shows actual hotel building; phone hotel directly via independent website number.

4. WhatsApp / Facebook travel-agent fake-hotel package

Tourist messages WhatsApp / Telegram / Facebook travel agent (often found via tour-package ad on Instagram or Facebook). Agent quotes multi-night hotel-plus-flight package with photos and screenshots showing booking confirmation. Tourist pays via Wise / Western Union / bank wire to agent. Hotel booking does not exist; screenshots fabricated using image editor. Agent disappears; WhatsApp number stops responding; Facebook profile deleted. Common in Italian, Thai, Mexican tourist routes. Defense: book hotels and flights only through licensed travel platforms (Booking.com, Hotels.com, Expedia, Skyscanner, Kayak, Agoda); never wire money to private travel agent without in-person office and trade-association registration number.

5. Last-minute booking-cancelled redirect call

Tourist has confirmed legitimate hotel booking. En route to hotel (typically from airport, sometimes during taxi ride), tourist receives phone call claiming to be hotel reception: unfortunately your booking was cancelled due to overbooking / water damage / staff strike / fire alarm; we have arranged upgrade at our partner hotel; please come to [different address]. Partner hotel pays 30-50% commission on tourist transferred this way; prices inflated 50-100% above standard rate. Sometimes tourist actual booking is held; redirect operator just intercepts journey. Defense: phone hotel directly using number from hotel official website (not the redirect-call number); verify cancellation claim by name and reservation ID.

Where it runs

Fake hotel listing and booking fraud runs globally with concentration in major tourist-destination markets where high booking volume, platform listing density, and operator economics intersect.

Italy (canonical hotspot): Rome (Trastevere, Termini area, Vatican periphery, Trevi quarter); Venice (San Marco, Cannaregio, Dorsoduro tourist apartments); Florence (Centro Storico, Oltrarno); Naples (Spaccanapoli, near Castel dell'Ovo); Milan (Navigli, Brera). Italian Polizia Postale handles online-fraud reports; Booking.com Trust-and-Safety processes hundreds of Italian-property removal cases per year.
Thailand: Bangkok (Sukhumvit, Khao San, Silom tourist strip); Phuket (Patong, Kata, Karon); Pattaya; Chiang Mai (Old City); Koh Samui (Chaweng, Lamai). Thai Tourist Police 1155 handles offline-component complaints; Royal Thai Police Cyber Crime Investigation Bureau handles online-fraud.
Mexico: Cancun (Hotel Zone, Downtown); Playa del Carmen (Fifth Avenue, beach access); Tulum; Mexico City (Roma, Condesa, Centro Historico); Cabo San Lucas; Puerto Vallarta. Mexican PROFECO consumer-protection handles online-fraud complaints.
Indonesia: Bali (Seminyak, Ubud, Canggu, Kuta); Jakarta business-tourism. Indonesian Tourism Police; Bali Tourist Information Center.
Vietnam: Hanoi (Old Quarter); Ho Chi Minh City (District 1); Da Nang; Hoi An; Nha Trang. Vietnam Tourism Police; municipal consumer-protection desks.
Adjacent (also documented): Spain (Barcelona, Madrid, Mallorca); France (Paris, Nice); Greece (Athens, Mykonos, Santorini); Portugal (Lisbon, Porto); Croatia (Dubrovnik, Split); Turkey (Istanbul, Antalya); Egypt (Cairo, Sharm el-Sheikh); Morocco (Marrakech, Fez); Kenya (Nairobi, Mombasa); Tanzania (Dar es Salaam, Zanzibar).

Three more places, three more booking-fraud variants

Bangkok Sukhumvit: the Airbnb off-platform discount bait

Bangkok pre-arrival, six weeks before trip. You message a Sukhumvit Airbnb listing: 4-bedroom apartment near BTS Asoke, 180 USD per night, ten-night booking. The host responds within 2 hours: lovely listing, available for your dates. Twenty minutes later: a second message offering 145 USD per night if you pay via Wise instead of Airbnb, citing Airbnb fees as the reason for the saving. The discount math: 145 USD × 10 = 1,450 USD via Wise versus 180 USD × 10 = 1,800 USD via Airbnb. Apparent saving 350 USD.

You hesitate. The Airbnb listing has 47 reviews over 14 months, 4.8-star average. The host's profile shows verified ID. The off-platform discount seems plausible if you don't know the platform-only-payment rule. You agree. You wire 1,450 USD to the Thai bank account the host provides. Four weeks pre-arrival, you message the host to confirm check-in. No response. Six days pre-arrival, no response. Three days, no response. The Airbnb listing has been removed (you can see in your account history). Day-of-arrival, you have no booking, no host, no response, no recovery channel. Wise transfers are not disputable for service-misrepresentation; the Thai bank account name was a stolen identity.

Defense: never agree to off-platform payment. The 350 USD saving was the bait; the actual cost was the full 1,450 USD plus emergency last-minute Bangkok hotel booking at 220 USD per night for 10 nights = 2,200 USD. Total loss vs. honest booking: 1,800 USD. The lesson lands hard. Future trips: report all off-platform payment requests to Airbnb Resolution Center; Airbnb removes those listings within 24-48 hours.

Cancun Hotel Zone: the Google Maps phantom resort

Cancun pre-arrival, four weeks before trip. You search Google Maps for hotels near the Hotel Zone south of Punta Cancun. You find a listing: Resort Maya Riviera Cancun, 4.5 stars, 38 reviews, photos showing a beachfront pool with a swim-up bar. The reviews are positive (most appearing in the last 3 months). You click through to the resort's website (linked from the listing). The website looks professional: booking form, multiple photos, amenities list. You book a 6-night stay at 180 USD per night = 1,080 USD via card.

Two weeks pre-arrival, you try to confirm the booking by phoning the number on the resort website. The number rings to a voice mailbox in Spanish; no name. You email the booking confirmation address; bounce-back error. You cross-check the resort name on Booking.com and TripAdvisor. No listing on either. You search Google Street View for the address. The Google Maps location is on Boulevard Kukulkan but the Street View shows a closed restaurant building, no resort.

Resort Maya Riviera Cancun does not exist. The Google Maps listing is phantom; the website is fake. You file a chargeback with your card issuer for the 1,080 USD; documentation includes screenshots of the Google Maps listing, the website, the bounced confirmation email, the missing TripAdvisor / Booking.com presence, the Street View showing the closed restaurant. Chargeback succeeds at 32 days; refund posts to your card. You also report the Google Maps listing via Maps Business flag; the listing is removed within 5 days.

Defense: cross-check Google Maps listing against TripAdvisor and Booking.com presence before booking. Verify Google Street View shows an actual hotel building at the address. Phone the hotel directly via a number found through independent search (not the website on the listing). The multi-source verification rule prevented the same phantom-resort fraud at the deposit stage on Booking.com but did not prevent the website-mediated fraud here; only the chargeback recovery path succeeded.

Bali Seminyak: the WhatsApp travel-agent villa package

Bali pre-arrival, three weeks before trip. You message a travel agent on Instagram who runs Bali villa packages. The agent sends a 5-night Seminyak villa package with photos: pool villa, private chef breakfast, daily 30-minute spa massage, scooter rental, airport transfer, all for 1,400 USD per couple. The agent sends booking screenshots: villa name, dates, confirmation ID, agency name. Payment method: Wise transfer to a Singaporean bank account.

You wire 1,400 USD via Wise. The agent confirms receipt and sends a "final itinerary" PDF. Two weeks pre-arrival, you try to verify the villa booking by searching the villa name on Booking.com and Agoda. The villa exists (it is real) but no booking under your name; the front-desk confirms via WhatsApp message that they have no record. You message the travel agent. No response. The Instagram profile is deleted within 24 hours. The WhatsApp number has been blocked.

Bali villa is real but the booking is not; the screenshots were fabricated. The agent collected the 1,400 USD and disappeared. Wise transfers are non-reversible; recovery channel is closed. You re-book the same villa directly through Booking.com at 980 USD for 5 nights (the agent's 1,400 USD was inflated 40 percent above direct rate). Total loss: 1,400 USD plus the inflated direct rebooking.

Defense: book Bali villas through Booking.com / Agoda / direct via the villa's own website (verified through TripAdvisor presence and reverse-image search of the villa photos). Never wire money to a private WhatsApp travel agent. The Instagram-and-Facebook tour-package ads in particular concentrate the variant; bypass them entirely.

Hanoi Old Quarter: the last-minute booking-cancelled airport-taxi redirect

Hanoi arrival, Noi Bai International Airport at 22:00. You and your travel partner have a confirmed Booking.com reservation at Hotel Nikko Hanoi for three nights, prepaid 540 USD. The taxi from airport to Hoan Kiem area is 350,000 VND (about 14 USD). Halfway through the 45-minute ride, your phone rings: a Vietnamese voice in English: "Hello sir, this is Hotel Nikko Hanoi reception, unfortunately your booking has been cancelled due to overbooking, but we have arranged an upgraded hotel at our sister property Hotel Apricot in Hoan Kiem area, please give the new address to your taxi driver."

You hesitate. Hotel Apricot is real (you can google it) and is also in Hoan Kiem. But the cancellation claim feels off; you have a confirmed Booking.com prepaid reservation. You ask the caller for your reservation ID. They mumble a number. You don't recognize it. You hang up.

You phone Hotel Nikko Hanoi directly using the number from the hotel's independent website (https://hotelnikkohanoi.com.vn). Real reception answers; confirms your booking is active; reservation ID matches. The earlier call was a redirect-operator who somehow had access to your travel itinerary (possibly via a hacked Booking.com API or an inside-information channel). You arrive at Hotel Nikko Hanoi as planned. Check-in is normal. Real rate per night is 180 USD; Hotel Apricot redirect would have been 280-320 USD per night with the operator commission.

Defense: when receiving any en-route booking-cancelled call, phone the hotel directly using the number from its independent website (not the redirect-call number). Confirm the cancellation claim by name and reservation ID. Real hotels never call to redirect to a sister property; the redirect call is by definition the variant.

Red flags

Listing has fewer than 50 reviews and the property has been on the platform less than 18 months. Listing-age and review-volume are the strongest fraud indicators.
Reviews cluster in a 2-3 month window. Genuine review distribution is steady over time; cluster patterns are bot-generated.
Hero photo of the listing matches a different property under reverse image search. Stolen photos are the diagnostic for clone listings.
Host messages requesting payment via Wise / PayPal Friends-and-Family / Western Union / bank wire / crypto. Any off-platform payment request is by definition the variant.
Discount offered for paying outside the platform. The 15-25 percent off-platform discount is the bait; the saving is the loss-vector.
Hotel name does not return organic search results for an official website. Real hotels rank organically; phantom hotels do not have an independent web presence.
Google Street View at the listing address shows residential building or vacant lot. The address mismatch is the diagnostic for phantom listings.
En-route phone call claiming the booking was cancelled and offering an upgrade hotel. Real hotels do not redirect by phone call; the redirect is the variant.

The phrases that shut it down

Each phrase below refuses off-platform payment requests, requests platform-only payment, or executes the chargeback path. Said in messaging clearly; if pushed back, escalated to platform Trust-and-Safety.

English (refuse off-platform)

“I will only pay through the platform; please send me an Airbnb / Booking.com payment link.”

Said in messaging immediately if host requests off-platform payment.

English (escalate)

“I am reporting this off-platform request to Airbnb / Booking.com Trust and Safety.”

Said when host pushes back on platform-only payment.

Spanish (Mexico / Spain)

“Solo voy a pagar por la plataforma; envieme el enlace de pago.”

I will only pay through the platform; send me the payment link.

Italian (Italy)

“Pagherò solo attraverso la piattaforma; inviatemi il link di pagamento.”

I will only pay through the platform; send me the payment link.

Thai (Thailand)

“Phom / Chan ja chamra phan plat-form thaonan.”

I will only pay through the platform.

English (verify on-arrival)

“The Booking.com listing address shows a residential building, not a hotel.”

Said when filing the platform support ticket on-arrival to a phantom listing.

English (en-route redirect call)

“I will phone the hotel directly to verify; please give me the reservation ID.”

Said in response to any booking-cancelled redirect call.

English (chargeback)

“I am filing a credit-card chargeback for goods and services not received.”

Said when fraud is confirmed; chargeback within 60 days.

If you got hit

If you booked a phantom listing or were defrauded by an off-platform payment redirect, the recovery path depends on payment method. Credit-card payment: file a chargeback with your card issuer (Visa / Mastercard / Amex) within 60 days of the disputed transaction; documentation required: booking confirmation, photos of the absent or substituted property, communication log with host or platform, and the platform's case-resolution result. Chargeback succeeds in 60-80 percent of fake-listing cases when documentation is complete.

Booking.com / Hotels.com / Expedia / Airbnb / Agoda platform payment: open a support ticket via the in-app help center within 24 hours of arrival to the phantom property. Booking.com Trust-and-Safety processes phantom-listing reports with 7-14 day refund timeline (refund returned to original card transaction). Airbnb Resolution Center handles host-misrepresentation cases; partial refunds and Aircover-policy claims available for substituted-property cases.

Wise / PayPal Friends-and-Family / Western Union / bank wire / cryptocurrency: recovery channel is closed in most cases. Wise transfers are non-disputable for service-misrepresentation. PayPal Friends-and-Family transactions waive buyer protection by definition. Western Union and bank wires are non-reversible. Cryptocurrency is by nature irreversible. File the report with your home-country fraud-protection unit (FBI IC3 in US, Action Fraud in UK, Italian Polizia Postale, Mexican PROFECO) for cataloging; recovery rate is under 5 percent. Consider the amount lost.

Long-term: report the listing to platform Trust-and-Safety teams to remove from circulation. Booking.com Trust-and-Safety: in-app help center. Airbnb Resolution Center: in-app help. Google Maps Business: flag the listing via Maps Business interface. Reports contribute to platform-side machine-learning fraud detection that benefits future tourists.

Related atlas entries

Sources & references

Argentina: Buenos Aires Tourist Police (Comisaria del Turista) Av. Corrientes 436, phone 02 4810 9000; Buenos Aires Police Central 911.
Argentine Banco Central: counterfeit-detection guidance and AFIP cambio licensing.
Argentine licensed cambios: Cambio America, Cambio Lugano, Banco Nacion, Banco Galicia.
Argentine crypto on-ramps: Lemon Cash, Belo, Buenbit, Ripio (all AFIP-compliant).
Brazil: Banco Central do Brasil; tourist police 190; Banco do Brasil / Itau / Bradesco / Caixa for licensed exchanges.
Mexico: Banamex / Banorte / Banco Azteca ATMs; tourist helpline (CPTM) 078; consumer-protection PROFECO.
UK FCO travel advice: Argentina, Brazil, Mexico country pages reference informal currency exchange risks.
Tabiji field reports: Buenos Aires Calle Florida cuevas, Iguazu border bus-terminal cambios, Mexico City Centro informal exchanges (2024-2026).

Get the full cambio & currency playbook for your destination.

Each Travel Safety atlas covers every documented currency-exchange, counterfeit-bill, and ATM scam in one country, plus the full scam catalog: pickpocket, taxi, restaurant, fake authority, vendor. Buy once, lifetime updates as scams evolve. $4.99 on Kindle.

Argentina: Tourist Scams

Read on Kindle ↗ $4.99 Brazil: Tourist Scams

Read on Kindle ↗ $4.99 Mexico: Tourist Scams

Read on Kindle ↗ $4.99

Frequently asked questions

Calle Florida (Florida Avenue) is a pedestrian shopping street in central Buenos Aires running from Plaza San Martin to Plaza de Mayo. The street is lined with arbolitos (literally "little trees", slang for street currency exchangers) calling cambio cambio dolar dolar to passing tourists. The arbolito quotes a blue-dollar rate (the parallel-market rate) higher than official banks; the tourist hands over USD; the arbolito takes the tourist into a side-street cueva (an unmarked office) for the exchange. The variants run during the exchange: counterfeit-bill swap, short count, receipt-less higher rate, post-exchange follow-and-rob. Documented continuously since the 1970s; intensified during 2019-2024 Argentine currency crisis when blue dollar rates were 50-150 percent above official.

The most-documented Calle Florida cueva variant. The cambio operator counts pesos in front of the tourist (sometimes twice for show), then slides one or two counterfeit 1,000-ARS notes into the genuine stack during a brief moment of distraction. Tourist receives stack with 1-2 counterfeits; loss is 1,000-2,000 ARS per fake. Variant scales: a single tourist might lose 5,000-10,000 ARS over one exchange. Defense: count the stack a second time on your own surface (hand, counter, table) before walking away; if a fake is found, return immediately to the cueva and demand replacement; phone tourist police 02 4810 9000 if refused.

Argentine arbolitos operate WhatsApp / Telegram groups offering rates 2-5 percent above the cueva blue-dollar rate. The tourist arranges a meeting at a coffee shop, hotel lobby, or street corner; the arbolito arrives with the agreed peso amount; the exchange happens. The variant operates in two forms: (1) the arbolito hands over a stack with counterfeits; (2) the arbolito brings a partner; after the exchange the partner follows the tourist and mugs them around the corner, retrieving both the pesos and the original USD. Defense: never meet WhatsApp arbolitos; the licensed-cambio rule applies.

Cuevas (informal exchange shops in side-street offices) sometimes refuse to issue printed receipts, instead offering a verbal rate that is 1-3 percent below the genuine blue-dollar rate. The tourist accepts because the rate is still better than bank rates; the loss is 1-3 percent of the exchange amount. Without receipt, the tourist has no documentation for any later dispute and no recourse for counterfeit bills discovered later. Defense: only use cuevas that issue printed receipts with AFIP authorization number.

At the Iguazu Falls border (Argentina-Brazil-Paraguay tri-border) and other Argentine-Brazilian / Argentine-Chilean / Argentine-Paraguayan crossings, bus-station cambios offer to exchange leftover Argentine pesos to Brazilian reais / Chilean pesos / Paraguayan guaranis at unfavorable rates (often 10-20 percent worse than fair). The cambios operate from kiosks at the bus terminal; tourists who do not check the rate online beforehand accept the bad rate because they are about to leave Argentina. Defense: check the official cross-rate online (XE.com or Google search) before exchanging.

Licensed Argentine casas de cambio (Cambio America, Cambio Lugano, Banco Nacion, Banco Galicia branches) operate under AFIP supervision. They issue printed receipts with AFIP authorization numbers; the rates are slightly worse than blue-dollar (typically 3-8 percent worse) but the transaction is legally recoverable in case of counterfeit bills or short counts. Unlicensed arbolitos and cuevas operate without AFIP supervision; the recourse path is closed. The 3-8 percent rate-difference is worth the legal protection for any exchange over 100 USD.

Yes. Crypto on-ramps (Lemon Cash, Belo, Buenbit, Ripio) allow tourists to receive Argentine pesos at near-cueva rates by selling USDC or USDT on-platform. Western Union receives USD and pays out in Argentine pesos at the official-blue blended rate. Argentine ATMs charge high fees (5,000-15,000 ARS per withdrawal plus 3-5 percent foreign-card fee) but the official rate is safer than street arbolitos. Wise (formerly TransferWise) multi-currency account handles peso conversions at fair rates for longer stays.

Spanish (Argentina): "No gracias, voy al banco oficial" (no thanks, going to the official bank). For polite firm refusal: "No, no necesito cambio" (no, I do not need exchange). Said while walking past at normal pace, no eye contact. Buenos Aires Tourist Police (Comisaria del Turista) at Av. Corrientes 436; phone 02 4810 9000. The arbolitos move on within 5-10 seconds of clear refusal.

Fake Hotel Listing & Booking Fraud: Booking.com clones, Airbnb off-platform redirects, Google Maps phantoms.