If you’re looking forward to a dream holiday, then watch out for a sophisticated new scam that could risk it turning into a nightmare.

Consumer Protection’s WA ScamNet team is warning travellers about unexpected messages from their accommodation providers seeking additional credit card verification, as it could be the work of scammers who have hacked into the hotel’s computer system.

This two-pronged scam begins with the scammer targeting a hotel by posing as a genuine customer who needs help with downloading some ‘important’ information regarding an upcoming stay. They might claim to suffer from allergies to cleaning products and need the hotel to cross-reference the substances used, or they could ask for a map they’ve created to be printed off for their technology-challenged parents.

Whatever the excuse, the endgame is the same – once the hotel employee downloads the malware-infected documents, the scammer will have full access to their sensitive information, including login credentials, financial details and contact information for their other customers.

That’s when the scammer ups the ante by sending a convincing message to the hotel’s future guests asking for additional credit card verification as soon as possible via a fake booking link.

With the message originating from within the hotel’s own booking system – and it being about a genuine upcoming trip – WA ScamNet is concerned that even the most scam-savvy consumers could be more inclined to hand over their credit card details than they otherwise would.

While this is a very sophisticated scam, consumers can beat the scammers by following WA Scamnet’s usual advice to protect against malware and phishing. This includes to avoid clicking on unexpected or unsolicited links, even from trusted businesses. Instead, contact the company directly at an official email address or phone number to confirm the veracity of the message. Do not rely on contact details in an unexpected message.

Be suspicious of messages encouraging you to act quickly and never enter personal or banking details into any website unless you are certain it is genuine and you have checked the URL carefully for indicators of deception.

If you have provided your financial information through a suspicious link or in response to an unexpected message, contact your financial institution immediately and follow their guidance on securing your finances.

To report a scam or get further assistance, contact WA ScamNet by making an online report at www.scamnet.wa.gov.au or call 1300 30 40 54.