Wednesday, June 24, 2026

Valyrian News Network

Understanding, Automated

Crime Cybersecurity

Flemish Hotel Guests Scammed in Sophisticated Phishing Wave

Valyrian News Network 4 min read

Flemish Hotel Guests Scammed in Sophisticated Phishing Wave

Hundreds of hotel guests across Flanders have fallen victim to a highly coordinated phishing campaign that exploits detailed booking information to pressure victims into making fraudulent payments. Scammers send urgent WhatsApp messages demanding payment within 11 hours, threatening automatic cancellation of the recipient’s hotel reservation, according to Het Laatste Nieuws.

How the Scam Works

The phishing messages originate from foreign phone numbers, primarily from the United Kingdom and Indonesia. What makes the scheme particularly dangerous is the level of personalization: victims are addressed by their full names, and the messages include exact arrival and departure dates along with official reservation numbers. This detailed knowledge has led many travelers to believe the requests are legitimate communications from their hotels.

Colin Dearman, owner of Hotel Astoria in De Haan, told HLN that his establishment has received hundreds of calls from concerned guests since late last week. “Fortunately, many of our guests were suspicious and contacted us immediately,” Dearman said. However, approximately ten of his guests clicked the fraudulent link and paid twice, losing amounts ranging from hundreds to thousands of euros each.

“That number of victims could be even higher because not everyone has contacted us,” Dearman added. “Those affected have lost hundreds to sometimes thousands of euros, depending on how long they are staying at our hotel.”

Geographic Spread

The phishing wave has affected hotels along the Belgian coast, including De Haan and De Panne, as well as establishments in Ghent and Antwerp. Some hoteliers report that the problem may extend beyond Belgium’s borders, though the full international scope remains unclear.

The Search for the Source

A critical clue has emerged: hotels using the online reservation system developed by Lighthouse, a Ghent-based software company, appear to be disproportionately affected. Lighthouse’s system connects hotel administration to online booking platforms such as Booking.com. Notably, guests who made reservations by phone have not been targeted, suggesting the breach occurred somewhere in the digital booking technology chain.

Lighthouse has launched an investigation in collaboration with an independent forensic specialist. In an official statement, the company said: “As one of the many links in the hotel sector, we launched an investigation as soon as we became aware of these latest phishing attempts, to determine whether the problem is specific to Lighthouse or one of our products.” The company noted that its preliminary investigation has found no evidence of unauthorized access to its systems, but it continues to actively investigate every possibility.

A Broader Pattern of Hospitality Sector Attacks

This phishing wave is the latest in a troubling pattern of cyberattacks targeting the hospitality industry in the Benelux region. In March 2026, Bastion Hotels in the Netherlands suffered a data breach affecting approximately 6,000 guests after an employee clicked a phishing link. The stolen data was then used in a similar WhatsApp-based scam with a 12-hour payment deadline. In April 2026, Booking.com confirmed a data breach that exposed customer contact information, which cybersecurity experts warned could be combined with AI to create highly convincing phishing campaigns. And in September 2025, Van der Valk Hotels experienced a similar attack after employees at two locations clicked on phishing links.

All these attacks share a common modus operandi: an initial data breach, exfiltration of booking details, and secondary phishing via WhatsApp or SMS with urgent payment demands and short deadlines designed to pressure victims into acting without verification.

Industry Response

Tim Vissers, Managing Director of hospitality consultancy Hospecs, has launched an industry-wide inventory to identify all affected hotels, map the systems and connections they use, determine what data was stolen, and identify common patterns. The goal is to create a factual basis for collective action against responsible parties.

What Victims Should Do

Authorities advise anyone who receives a suspicious payment request to contact their hotel directly using the phone number from their original booking confirmation. Those who have already paid via a fraudulent link should immediately call Card Stop and contact their bank. Suspicious phishing messages can be forwarded to SafeOnWeb, Belgium’s official cybersecurity reporting platform.

What’s Next

The source of the data breach remains unidentified. Possible vectors include Lighthouse’s software systems (though preliminary investigations found no evidence of compromise), the Booking.com data breach from April 2026, compromised hotel employee credentials, or a third-party integration. As the investigation continues, travelers are urged to remain vigilant and verify any urgent payment requests through official channels before taking action.