From cheeky chargebacks to cyber fraud: Scams that cost the industry $$$$$

Running an accommodation business is already a challenging endeavour. Operators are required to juggle guest satisfaction, property maintenance, owners’ investments, and their own financial stability. On top of that, an age-old but increasingly insidious threat looms—fraudsters targeting the sector.

In our tech-driven society, scammers are finding ever more sophisticated ways to exploit vulnerabilities in online bookings, payment systems, and daily operations—leaving operators scrambling to protect their businesses from financial loss, operational disruption, and reputational damage.

This article was originally published in the latest edition of Resort News. Read it HERE.

From malicious chargeback fraud and fake bookings to phishing attacks, the threats are very real, and very costly. Resort News spoke with industry experts, accommodation managers, and technology providers to uncover the most common scams affecting the sector and most importantly, how businesses can safeguard against them.

Scams on the rise

Jill Hooper, Managing Director and Founder of Good to Book, has raised concerns about a troubling trend in the industry. “Malicious guests are exploiting the system, leaving fake reviews for properties they never stayed at, committing identity theft, and even securing chargebacks from banks, forcing properties to refund their stays in full,” she told us.

Good to Book is a members-based platform dedicated to connecting travellers with reputable accommodations, aiming for a more trustworthy booking experience for both parties. By maintaining rigorous standards and ongoing monitoring, the platform fosters transparency and reliability in the sector.

According to Jill, data from Good to Book’s reports over the past month highlight alarming patterns. Identity theft, credit card fraud, and malicious chargebacks account for 42 percent of reported cases. In 10 percent of cases, properties were forced to issue a full refund due to chargebacks, resulting in a complete financial loss. Additionally, 26 percent of reports involved guests leaving without settling outstanding fees.

Jill attributes the rise in rogue guest behaviour to several key factors. First, a lack of guest accountability means fraudulent guests often face minimal consequences for chargebacks and unpaid fees.

Secondly, increased guest anonymity, enabled by booking platforms with little to no identity verification, makes it easier for scammers to exploit the system. The growing prevalence of instant bookings further exacerbates the issue, as automated reservations create loopholes that fraudsters are quick to take advantage of.

With fraud on the rise, Jill stresses the need for stronger verification processes, staff training to identify suspicious activity, and tighter collaboration between operators and booking platforms to bolster security protocols. Taking proactive steps now, she says, is essential to protect the industry from further loss.

However, while data-sharing can be a powerful tool in preventing fraud, it must be handled carefully. Unless there is clear guest consent or a legal obligation, operators must not share personal guest information with other establishments. Doing so risks breaching the Privacy Act 1988, potentially resulting in serious penalties, formal complaints, and reputational damage.

Platforms like Good to Book are able to legally share certain guest information between accommodation providers because they operate under a transparent system of user consent and clearly stated terms of service. Guests who use the platform agree to these terms upon booking, allowing for secure and lawful information-sharing within a closed network of trusted providers.

Common scams

Malicious chargebacks

Chargeback fraud—often referred to as ‘friendly fraud’—is one of the most frustrating and financially damaging scams, particularly for small business owners.

It occurs when a guest disputes a legitimate charge with their bank, falsely claiming they never authorised the transaction or that they did not receive the service they paid for. In many cases, these disputes stem from no-show bookings, misunderstandings about cancellation policies, or outright deceit.

Banks have the authority to initiate chargebacks and withdraw funds from an accommodation’s trust account when a guest disputes a transaction. The process is regulated by major card networks such as Visa and Mastercard. Banks often act in favour of guests due to strict consumer protection policies.

When a chargeback is filed, funds are automatically pulled from the accommodation provider’s merchant account and temporarily refunded to the guest.

Accommodation providers do have an opportunity to contest chargebacks by supplying evidence proving the legitimacy of the charge, including booking confirmations, signed receipts, cancellation policies, and proof of service delivery. However, if the bank sides with the guest, the chargeback is upheld, and the business permanently loses the funds.

Chargebacks don’t just impact an operator’s bottom line. They can trigger penalties from banks, increase a business’s chargeback ratio, and even result in stricter financial policies, potentially limiting the operator’s ability to process future transactions. If chargebacks become a recurring issue, payment processors may impose higher transaction fees or even refuse to do business with the property altogether.

Trevor Rawnsley, CEO, Australian Resident Accommodation Managers Association (ARAMA) confirmed that he is aware of members’ concerns about fraud, especially malicious chargebacks. However, he says in today’s world we are all vulnerable to scams—and it’s the responsibility of all of us to stay vigilant.

“If you’re ripped off once, shame on the scammer. If it happens again in the same way, shame on you,” he famously puts it, relating to scams that are preventable and avoidable.

He urges all members to implement and follow strict processes for handling guest transactions. Identification should always be verified to ensure it matches the credit card being used, and every step necessary should be taken to confirm the guest’s identity.

“Think of the first incident as a learning experience,” he says, “and put safeguards in place to make sure it doesn’t happen again. A thorough registration and sign-in process, along with a clear security deposit policy, are essential.”

Trevor also reminds members that having “shonky procedures” and falling victim to scams doesn’t just impact your business, it also harms unit owners. He adds that nothing sours a manager’s relationship with owners faster than preventable financial losses.

Given the manager’s responsibility to their investors, Trevor says it is crucial to implement preventive measures, respond swiftly, and have strong evidence to minimise risk.

To strengthen protection, Trevor recommends working closely with your Property Management System (PMS) provider and suggests completing the free government-backed online course, CyberWardens, which offers practical advice on cybersecurity in the workplace. Also, the Australian Government has a scam watch and reporting link:-  https://www.scamwatch.gov.au/report-a-scam

How to minimise chargeback fraud:

• Clearly communicate cancellation and refund policies to guests to avoid disputes.
• Verify guest identity at check-in and require pre-authorisation on credit cards.
• Use secure payment processing systems and fraud detection tools to flag suspicious transactions.
• Maintain detailed transaction records, including digital check-in logs, signed agreements, and CCTV footage, to provide strong evidence in case of a dispute.

Despite these precautions, chargebacks often catch managers off guard. In many cases, by the time a manager becomes aware of a chargeback, they have already paid the unit owner. This means the manager is left to absorb the full financial loss.

Fighting chargeback fraud: One operator’s perspective

Marion Simon, owner-operator of Boulevard North, describes chargebacks as “legalised theft”—a broken system that penalises hardworking management rights operators while allowing fraudulent guests to take advantage of loopholes.

“Running an accommodation business is already a delicate balancing act and a constant challenge,” she says. “Most guests are wonderful, but some are difficult, and a few are outright dishonest.”

One of the most frustrating aspects of chargeback fraud is guests who knowingly enjoy their stay but later dispute the charge—essentially stealing a free holiday, she says. But it gets worse: Marion has tracked repeat offenders, or “career chargebackers”, who systematically move from one resort to another, exploiting the system to score free stays.

She has encountered one such “serial scammer” who has targeted several businesses in Broadbeach and Surfers Paradise, successfully disputing charges and securing full refunds.

“He had the audacity to try and rebook at Boulevard North after putting through a chargeback that we were fortunate to win,” she revealed.  “When he tried to book for the second time, we politely told him he was not welcome. He wasn’t concerned and strutted out of the building like a peacock!

“Having proof of several malicious chargebacks makes it possible to report it to the police, however, chargebacks do not hold any major priority—the police are so busy.”

From her experience, Marion says scammers often favour same-day bookings and after-hours check-ins, hoping to bypass standard verification steps. Many also use stolen or fake credit cards, which can be difficult to detect.

Yet, banks require extensive proof to dispute chargebacks, including video footage of check-ins, signed documentation, and evidence that the guest physically presented their card, despite legally prohibiting operators from photocopying cards as proof.

To combat chargeback fraud, Marion relies on Resly, her reservations and trust accounting platform that also integrates with Good to Book.

But for Good to Book to be effective, operators need to report fraudulent behaviour, Marion stresses. “We must stand together as an industry to stop scammers in their tracks.”

Fake booking scams

Fake booking scams involve fraudsters using stolen credit cards to make reservations and then initiating chargebacks or cancellations. In some cases, fraudsters create fake group bookings and attempt to secure refunds through alternative payment methods, bypassing the original transaction. These fraudulent activities result in financial losses, not only from reversed transactions but also from penalties imposed by OTAs and banks.

To reduce the risk, operators should be cautious with large or unusual bookings, verifying them directly over the phone when necessary.

Implementing deposit requirements for high-value reservations can help deter scammers, while working closely with payment providers to detect and flag suspicious transactions adds an extra layer of security.

Phishing attacks on hotel staff and guests

Cybercriminals frequently target accommodation businesses by sending fake emails that appear to be from hotel management, online travel agencies, or suppliers. These scams are designed to deceive staff into revealing sensitive information or authorising fraudulent transactions.

Falling victim to such schemes can result in significant financial losses, data breaches, and the exposure of guest information, damaging both revenue and reputation. To counter this growing threat, staff should be trained to recognise phishing attempts and verify requests.

Using official domain emails and multi-factor authentication adds more protection, while strict protocols should be in place to ensure that payment details are never updated or shared via email.

A manager’s cautionary tale: How one click led to a major security breach

A Queensland accommodation manager who wishes to remain anonymous shared their stressful cyberattack experience with Resort News as a warning to other accommodation providers.

“It all started when one of our staff clicked on a phishing email,” they recalled. Hackers gained access, monitored keystrokes, and used the compromised email account to launch their own attack, sending malicious emails to 5600 people worldwide.

Fortunately, Resly helped contain the breach, reset passwords, and provided templates for notifying affected guests. The IT team uncovered a hidden email folder where scam emails were stored to avoid detection.

The manager’s advice? “NEVER click on an email link unless you’re 100 percent sure it’s legitimate. Always check with IT first.”

Fake OTA listings and website fraud

Scammers often create fraudulent websites that closely resemble legitimate OTAs or hotel booking platforms, deceiving guests into making reservations that do not exist. As a result, unsuspecting travellers arrive expecting accommodation, only to discover that their booking was never made, leading to frustration, reputational damage, and financial loss for both guests and hotels.

To combat this issue, remain vigilant by routinely searching for fraudulent listings and taking immediate action when fake sites are discovered. Encouraging guests to book directly through official hotel websites helps minimise the risk, while reporting fraudulent sites to authorities and domain registrars can aid in shutting them down before they cause further harm.

Overpayment scams

Exploiting stolen credit cards is another common scam.

Fraudsters use stolen cards to make hotel bookings and deliberately overpay, later claiming this overpayment was an innocent mistake. Then, they request a refund via bank transfer rather than to the fraudulent credit card. Once the transaction is reversed, because the original payment was fraudulent and no funds were received, the hotel is left at a loss. This scam not only results in direct financial damage but can also lead to legal complications.

To prevent such fraud, always process refunds through the same payment method used for the original transaction, ensuring that large payments are verified before approving any refunds. Waiting for transactions to clear before issuing refunds provides extra protection and reduces the risk of falling victim to these deceptive tactics.

Fake reviews and extortion scams

Some individuals threaten hotels with bad online reviews unless they receive refunds or free services. Others leave fake negative reviews to damage a competitor’s reputation.

To manage this, always monitor and professionally respond to reviews, keep a record of guest complaints to challenge fake claims and encourage satisfied guests to leave positive reviews.

Gift card and voucher fraud

In this trap, scammers impersonate suppliers, staff, or even hotel executives to request gift cards for an accommodation property. Some fraudsters use stolen credit cards to buy gift cards and resell them online.

To fight this, it is advised that you implement strict verification for gift card requests, train staff to recognise fraudulent refund requests and avoid issuing gift cards via email.

Protecting your business from scammers

The financial impact of fraudulent activities is severe. Globally, the hospitality industry generates an estimated US$3 trillion of revenue annually. In 2022, the Association of Certified Fraud Examiners estimated that between five and six percent of this annual revenue is lost to fraud. That amounts to US$150 billion in direct loss of revenue.

Managers must stay one step ahead of the trend, says Samuel Steel, Co-Founder, Resly.

His key advice? “The first step is to be proactive. Perform a security review today to identify any vulnerabilities before scammers can exploit them.”

Focus on four key areas:

• Access control: “Review who has access to your systems and ensure only authorised personnel can make changes.”
• Two-Factor Authentication (2FA): “If you’re not using 2FA, implement it immediately. Adding a second layer of security makes it significantly harder for scammers to gain unauthorised access.”
• Staff awareness: “Your team is your first line of defence. Make sure they’re trained to recognise phishing scams and suspicious activity. A well-informed staff member can prevent a security breach before it happens.”
• Incident response plan: “Have a clear, written procedure in place for dealing with scams or cyberattacks. Make sure it’s tested and effective so that, if an incident occurs, your team knows exactly how to respond.”

If you’ve been scammed, act quickly to limit the damage, Samuel urges. “The first step is to identify the threat—whether it’s a phishing attempt, a fraudulent booking, or a data breach.”

Once the nature of the attack is clear, act fast!

• Contain the breach: “Shut down access to compromised systems, reset passwords, and revoke permissions for any suspicious accounts.”
• Communicate openly: “If guests or staff are affected, notify them immediately and provide clear instructions on any steps they should take.”
• Investigate and prevent future attacks: “Work with your IT team to determine how the breach happened and put stronger security measures in place to stop it from happening again.”

“Prevention is always better than reaction,” Sam adds. “Being proactive makes all the difference. Strong security measures, staff training, and a quick response plan can protect your business from unnecessary financial and reputational damage.”

Moving forward

The battle against fraud requires a proactive approach.

As Jill Hooper emphasises, the data speaks for itself—fraud is rising, and operators need better tools to defend themselves.

Trevor Rawnsley, stresses the importance of accountability. While scammers are becoming more sophisticated, managers must stay vigilant and adopt stronger security measures.

Marion Simon reinforces the importance of collective action. “We need to stand together to stop scammers from draining our industry,” she says.

Ultimately, vigilance and caution must become second nature to us all. Online scammers are getting smarter, and dishonest people come from all walks of life, even happy holidaymakers! Learn to spot the red flags, and if something seems even slightly out of the ordinary, don’t take the risk.

Read the latest issue of Resort News!