A new cybercrime trend has surfaced in 2025, revealing that dark web hackers are now posing as underground travel agents. According to a report by Trustwave SpiderLabs, these actors are using stolen credit cards, airline miles, and hotel loyalty points to make real bookings, which they then sell at heavy discounts. This activity has transformed a typical cybercrime operation into a thriving black-market travel agency business.
These so-called “travel agents” advertise their services on darknet marketplaces, private Telegram groups, and encrypted forums. They offer up to 50% discounts on airline tickets, hotel bookings, and car rentals. The process is deceptively simple: a customer pays using cryptocurrency or gift cards, and the hacker uses stolen credentials to make the reservation through legitimate travel websites.
What makes this scam particularly dangerous is its surface-level authenticity. Victims who purchase these services often receive genuine booking confirmations from real airlines and hotel chains. From the outside, nothing appears suspicious, until the booking gets canceled, flagged, or worse, leads to legal trouble when the fraud is discovered.
This entire scheme falls under a tactic called triangulation fraud. It involves three parties: the cybercriminal who makes the fraudulent booking, the original victim whose credentials or loyalty points are used, and the buyer who receives the reservation. While the criminal profits, the other two are left with financial or legal consequences.
The scam has grown due to the use of AI and automation tools, which now allow hackers to create fake travel websites and deploy phishing attacks with alarming speed. These technologies help cybercriminals avoid detection, scale operations, and make their services appear even more legitimate to unsuspecting customers. As a result, fake travel bookings have become harder to trace and more common than ever before.
Recent research shows that this method of travel-related cybercrime is fueling an industry-wide crisis. Fraudulent travel bookings now contribute to an estimated $37 billion in global losses, according to cybersecurity and fraud analysts. The rise of digital booking platforms, loyalty programs, and online travel agents has only expanded the attack surface for these operations.
Travel companies, including airlines, hotels, and rental agencies, are increasingly affected. They not only face chargebacks and direct financial loss but also damage to their brand reputation and trust. Many are now investing in dark web monitoring, manual verification systems, and AI-powered fraud detection to reduce the risk of such scams reaching their systems.
For customers, the risks are just as high. Even if a travel booking seems real, using stolen credentials, knowingly or not, can result in denied services, financial loss, or legal complications. In some cases, buyers don’t find out they were part of a scam until they’re denied check-in or receive fraudulent transaction alerts tied to their own accounts.
To stay safe, travelers are urged to book only through trusted, official channels. Deals that seem too good to be true often are. Experts also recommend avoiding unconventional payment methods like cryptocurrency or gift cards, verifying the legitimacy of travel sites, and enabling multi-factor authentication on loyalty and booking accounts.
The emergence of hackers acting as travel agents shows how cybercrime is evolving from data theft to fully monetized fraud-as-a-service models. As travel demand rises globally, so do the opportunities for exploitation. Awareness, digital caution, and strict fraud controls are now essential for both customers and travel providers alike.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
