I’ve been writing about travel for over a decade. I’ve never seen scams evolve this fast. Here are 7 Travel Scams Going Viral Right Now. Learn how to spot them before they spot you!
I got pick pocketed in Barcelona back in 2017 — crowded train, backpack worn like a neon sign that said: “please rob me.” I figured that was my one bad travel story. Turns out it was just the warm-up.
Tired and distracted travellers have always been easy marks — that part hasn’t changed. What has changed is that the person trying to rob you might not be in the same country as you. Or won’t be a person at all. Fake booking sites get built in minutes. Deepfake voices pick up customer service calls. QR codes quietly drain bank accounts while you’re still deciding between the pasta and the fish. McAfee estimated total losses from AI-powered travel scams at around $13 billion last year. Victims are losing an average of nearly US$ 1,000. each. And it’s not just inexperienced travellers getting caught out.
Here are seven that are spreading fast right now. Some are high-tech. Some are embarrassingly old-school. All of them are working.
1. The QR Switch
You’re at a little place in Paris, you scan the menu QR code, and somewhere across the room a laptop lights up with your card details. You haven’t even ordered a drink yet. QR codes are on everything now, menus, transit signs, museum entry gates — and that’s exactly what makes them such easy cover. The trick — now widely called “quishing,” short for QR phishing — is almost insultingly low-effort.
A scammer prints a sticker with a dodgy code and slaps it over the real one. You scan it, land on what looks like a payment page, type in your details, and that’s that. They don’t even need to be in the building. Before you scan anything, check whether the code looks like a sticker instead of something printed directly on the card. Run a fingernail along the edge — you can usually feel it. And if scanning a restaurant menu somehow leads to a page asking for your card number, close it immediately. Menus don’t need your Visa info.
2. The AI-Powered Fake Booking Site
You Google a hotel, land on a clean, professional-looking site, read a handful of glowing reviews and book. Confirmation email pings straight back. Everything feels completely normal. Then you show up at the hotel, and there’s a laundrette where the lobby should be.
The villa looks incredible. The price is just low enough to feel like a deal, but not so low that it trips your alarm. The reviews mention specific things — the view from the terrace, how helpful the host was. All of it was written by a machine. You pay. You fly. You arrive. Nothing.
Always type the address yourself rather than clicking through from an ad or an email. Scammers build URLs like “Airbnbb.com” or “expedia-support-deals.net” — close enough to miss on a quick glance. And if every single review on a listing sounds weirdly upbeat and says nothing specific, that’s a machine. A real guest will mention the noisy air conditioning or the five-minute walk to the beach. Bots don’t.
3. The Viral Pickpocket
If you’ve spent any time on travel sites on YouTube, you know him — the man in London striding through a crowd, pointing and yelling “Attention pickpocket!” he became a meme. He also became, completely by accident, one of the more effective public safety campaigns in recent memory. Because he’s right. Pickpocketing never went away — it just stopped being interesting enough to write about for a while. Phones are the main target now. Small, expensive, and you’re already holding yours out in front of you, photographing a fountain.
Paris runs a more theatrical operation. At Sacre-Cœur, a man approaches with a piece of string and ties it around your wrist. Before you’ve properly registered what’s happening, they call it a friendship bracelet, and then demand €20 to take it off. While you’re flustered and arguing, his partner has already been through your bag. It sounds like something from a bad travel comedy. It happens every single day. Any unsolicited physical contact in a tourist area — a bracelet, a handshake, someone pressing a rose into your hand — is a distraction. Something is being taken while your attention is somewhere else. Bag in front, phone in a front pocket, keep walking.
4. The Fake Taxi
It’s midnight. You’ve just landed after nine hours in a middle seat. Your bag took forty minutes to come out, and all you want is to get horizontal. Someone walks up to you in the arrivals hall, says “taxi?” and holds up a phone showing something that looks close enough to the Uber logo. You’re too tired to look closely. That’s the whole setup. Once you’re in, the meter climbs in ways that don’t add up. A “toll” appears. A “late-night surcharge.” A detour that somehow adds twenty minutes to a ten-minute ride. Some drivers skip the subtlety entirely and just name a cash price. The end fare bears no relationship to anything.
Book through the app, check the plate before you get in, and if anyone approaches you unsolicited, just walk past them. Real drivers wait for the app to send them a passenger. They’re not out there trolling the crowd.
5. The Phishing Email (Now With AI)
The email looks completely legitimate. Your airline’s logo, the right font, a booking reference that actually matches your trip — pulled from a data breach or lifted from something you posted on Instagram. It says there’s an urgent problem with your flight. Click here to sort it. You’re tired, you’re travelling tomorrow, and your stomach drops a little. That’s the whole plan. The anxiety is the product.
Research by SoSafe found that one in five people fall for AI-generated phishing emails. The old tales are basically gone. No broken English, no sender address from a server in the middle of nowhere, no obvious desperation. These things are polished. The moment an email tells you to act within the next ten minutes, that’s your cue to do the opposite. Open a new tab, type the airline address yourself, and log in. If there’s actually a problem with your booking, it’ll be right there. If there isn’t, you just avoided handing your card to a criminal.
6. The “Grand Palace Is Closed” Redirect
You’ve walked twenty minutes in the heat to reach a temple or palace, and a man near the entrance shakes his head with great sympathy. “Closed today, he says. Special ceremony. Government holiday”. Very bad luck. But — and here his face brightens — he knows somewhere even better. This one runs deep across Southeast Asia and parts of the Middle East. The tuk-tuk version ends at a gem shop where you’ll be sold worthless stones at spectacular prices. The more ambitious version involves being told mid-ride that your hotel has “closed” or your booking is somehow “invalid” — then being delivered to a fake government tourism office where a man in a very nice shirt sells you a brand new itinerary at three times what anything actually costs.
The Taj Mahal does not close for a Tuesday cleaning. The Grand Palace does not shut for a random Buddhist holiday with no advance notice. Check the official site on your phone before you engage with anyone outside the gates. And remember: the harder someone works to redirect you, the more money they make when you arrive wherever they’re taking you.
7. The Fake Customer Service Agent.
This one is the most unsettling thing I’ve come across in years of writing about travel. You get a text saying your flight has been delayed. You call the support number — which you found in the text, because why wouldn’t you — and you’re connected to a calm, helpful agent. They know your name. They know your itinerary. They walk you through the rebooking process and mention a small processing fee. You pay it. Later, you find out the charge was false. The agent wasn’t a person. It was an AI voice — trained on real customer service recordings, completely indistinguishable from the real thing. It answered your questions, handled a complaint, and adjusted its approach mid-conversation. There’s no accent to clock, no script to detect. It just sounds like someone doing their job.
Never use a phone number from a text or email to contact your airline. Find it yourself — on their website, on the back of your card, in your original booking confirmation. That one habit is a complete defence against this scam.
Your Best Protection Costs Nothing
Every scam on this list runs on the same fuel: urgency. The pressure to act before you’ve had a chance to think. Scammers don’t need to be smarter than you — they just need you to be in a hurry. So the most useful thing you can do, anywhere in the world, is pause. Just pause. Ten seconds is usually enough to hear the alarm bell you’ve been ignoring.
The world is still a genuinely brilliant place to wander. Most people you meet on the road are curious, generous, and completely uninterested in your credit card details. But the ones who are interested? They’ve never been better equipped. Pack your scepticism alongside your passport. It weighs nothing, takes up no space, and right now it might be the single most valuable thing in your bag.
Bill Muir
Rolex Victory In Geneva. A 2026 Grand Slam Beckons 
World Class UFC 5 Action at Galaxy Arena Macau 
