You check into your hotel room after a long day of travel, kick off your shoes, and finally exhale. The room phone rings at some ungodly hour, jolting you from near-sleep. A voice claiming to be from the front desk apologizes profusely for disturbing you but insists there’s an urgent issue with your credit card. It sounds completely legitimate. You’ve just encountered one of the most insidious scams currently plaguing the hospitality industry, and it’s spreading like wildfire across hotels nationwide.
How the Scam Actually Works
The caller is not the front desk attendant. The caller is a fraudster who calls hotels and asks to be transferred to random room numbers, and if the room occupant answers, the fraudster deploys the scam hoping the guest will fall prey. The excuse given is typically a glitch in their computer system or something along those lines, and the caller is very apologetic, even advising you that you don’t have to return to the front desk – you can just give the card information over the phone.
“Fraudsters are actually posing as hotel front desk staff,” Bank5’s Scott Correia explained. “They’re calling guests in their rooms at all hours and asking them for their credit card information under the guise of the hotel system being down.” Some of them are even offering discounts on hotel rooms in order to entice the guest into giving their credit card information. Once you’ve checked into a hotel room with your credit card, the hotel already has your credit card information – so why would hotel staff call your room later to ask for it again? That simple question is exactly what the scam counts on you not thinking to ask.
The Psychology of Exhaustion: Why Travelers Are Perfect Targets
You’ve just endured hours of travel, navigated unfamiliar territory, and finally reached your room. Your guard is down. Your brain is functioning at half capacity. “They’re hoping you’re just tired from travelling and are just going to give them the numbers so you can go on and enjoy your vacation,” one fraud expert explained. “But it’s not the front desk at all. These calls often come late at night or shortly after you’ve checked in at your hotel or resort.”
When you’re disoriented and half asleep, you’re far less likely to question the legitimacy of the call or remember that hotels already have your payment information securely stored in their system. Perhaps the most dangerous thing about this type of scam is that, when the victim answers a call, there is little that anyone else can do to intervene. A phone conversation does not offer the opportunities for unhurried scrutiny that an email might. Scammers use this fact to their advantage, ratcheting up the sense of urgency and bombarding the victim with requests and information. The victim has no room to stop and think about whether it all adds up.
The Alarming Scale of the Financial Damage
Online travel fraud has surged, accounting for $1 trillion in global financial losses in 2024. Travel fraud has now become such a massive problem that it accounted for $274 million in U.S. consumer losses in 2024. Americans reported more than $12.5 billion in fraud in 2024, the majority of which came from telephone fraud. Americans lost $2.6 million between April 2024 and April 2025 from travel-related scams, based on reported cases analyzed from Better Business Bureau tracking data alone.
The actual financial damage is likely far higher, considering many victims never come forward out of embarrassment or uncertainty. In 2024, the fraud rate during the early stages of trip planning increased more than 12% compared to the previous year. One financial expert estimates that victims have lost hundreds of thousands of dollars as a result of this scam, stressing that most hotels keep their guests’ credit cards on file in case there is a systemwide issue – making any call asking you to re-confirm your card a near-certain red flag.
Hotel Data Breaches Are Fueling the Scam Machine
In 2024, Otelier, a cloud-based hotel management platform used by over 10,000 hotels including Marriott, Hilton, and Hyatt, suffered a massive data breach. Hackers exploited an employee’s stolen credentials to access Otelier’s Amazon S3 cloud storage, exfiltrating 7.8 terabytes of data. This included millions of guest records: names, addresses, phone numbers, email addresses, booking details, and partial credit card information. Threat actors gained unauthorized access to the storage buckets between July and October 2024, exposing personal information including guest reservations, contact details, and internal hotel documents.
Security researcher Troy Hunt discovered that the reservations table contained approximately 39 million rows, while a users table held around 212 million entries, though many were duplicates. This stolen data gives scammers the guest details they need to make their fake front desk calls sound legitimate, because they may already know your name, room number, and booking details. Separately, in 2024, Marriott agreed to pay a $52 million settlement to 50 U.S. states relating to a large multi-year data breach impacting over 131 million American customers.
AI and Caller ID Spoofing Are Making the Scam More Convincing
Scammers are now tricking people by making the hotel’s real phone number show up on caller ID screens. Major hotel chains are the main targets, as their high number of transactions makes it nearly impossible to spot fake charges. AI voice cloning technology can mimic anyone’s voice with high accuracy, making scams more convincing. By using cloned voices, scammers can impersonate trusted individuals. Deepfake-enabled vishing surged by over 1,600% in Q1 2025 compared to Q4 2024.
In 2024, experts found voice phishing skyrocketed by 442% year over year, as attackers leverage AI and multi-channel tactics. Deepfake vishing – fraudulent phone calls that leverage AI-generated voice clones – has rapidly evolved into one of today’s most sophisticated social-engineering threats. According to global cybercrime data, fewer than 5% of funds stolen through sophisticated vishing attacks are ever recovered. For hotel guests, this technology convergence makes a call in the night almost impossible to distinguish from a real front desk inquiry.
How to Protect Yourself From the Midnight Desk Call
As the Better Business Bureau points out, hotels should never request your payment information over the phone, even if there is a legitimate issue with your card or their computer system. Instead, they’ll typically ask you to come to the front desk to settle the matter. If there actually is some sort of problem with your credit card, the hotel will know it before you even finish checking in. As one hotel general manager put it, “There should be no reason someone is calling you in your room asking for sensitive information.”
Once a scammer has your information, they can use it to run up fraudulent charges or commit identity theft. If you get a suspicious call, hang up and call the front desk directly. Or better yet, walk down to the lobby and speak to someone in person. While travelling, it’s also always wise to use a Virtual Private Network (VPN), especially if you are using public Wi-Fi. VPNs encrypt your data and mask your IP address, making it harder for scammers or other third parties to track your activity and access your personal or financial information. The BBB also recommends using its Scam Tracker tool to check which fraud schemes are active in the area where you are headed. If you do experience a scam, you can report it to the BBB to help protect others from falling victim.