Mumbai Luxury Hotel Guests Targeted by Scammer Through Fake Payment Links

An unidentified cyber fraudster has come under police scrutiny after attempting to scam guests of a luxury hotel in Mumbai by sending fake payment links in the hotel’s name, officials said. The incident, which surfaced late last month, has raised concerns over the growing misuse of messaging platforms to target unsuspecting travellers and tarnish the reputation of established hospitality brands.

The case came to light on November 30, when a guest staying at the Trident Hotel in the Bandra-Kurla Complex alerted hotel staff about a suspicious message he had received. The message referred to a room booking and included a payment link, prompting the guest to verify its authenticity with the hotel. Upon checking their records, hotel authorities confirmed that no such message or payment request had been sent by them and immediately advised the guest not to click on the link or share any personal or financial details.

Following this initial alert, the hotel began monitoring the situation closely. Over the next few days, nearly 20 more guests reported receiving similar messages, all of which appeared to be crafted to look like official communication from the hotel. The repeated complaints suggested a coordinated attempt to deceive guests by exploiting the hotel’s brand name and the trust associated with it.

An internal inquiry by the hotel revealed that the fraudulent messages were being circulated through WhatsApp from a profile operating under the name ‘Kokonuts’. The profile allegedly contacted guests individually, sending payment links under the pretext of confirming or completing room bookings. While no financial loss has been officially reported so far, hotel officials noted that the intent appeared to be clear — to trick guests into making payments or sharing sensitive information.

Concerned about both guest safety and reputational damage, the hotel management approached the police and lodged a formal complaint. On December 15, the Bandra police registered a First Information Report (FIR) against an unknown person under relevant sections of the Bharatiya Nyaya Sanhita, including Section 319(2), which deals with cheating by personation. Provisions of the Information Technology Act have also been invoked, given the digital nature of the offence.

Police officials said that investigations are currently underway to trace the origin of the WhatsApp account and identify the individual or group behind the scam. Cyber experts are analysing call records, IP addresses and digital footprints associated with the fraudulent messages. Investigators are also examining whether similar scams have been reported at other hotels or hospitality establishments in the city, indicating a wider pattern.

The incident highlights a growing trend of cyber frauds targeting hotel guests, particularly those staying at premium properties. Fraudsters often rely on leaked data, online bookings or publicly available information to personalise their messages, making them appear legitimate. In many cases, scammers use brand names, logos and professional language to gain credibility and pressure victims into making quick payments.

Hotel officials reiterated that guests should remain cautious and verify any payment-related communication directly with the property through official contact numbers or email addresses. They stressed that reputable hotels typically do not send payment links via messaging apps unless explicitly requested by the guest through verified channels.

Cybercrime experts also advise travellers to avoid clicking on unsolicited links, especially those received through WhatsApp or SMS, and to report suspicious messages immediately. Enabling two-factor authentication, limiting the sharing of personal information online and staying alert to spelling errors or unusual sender names can help reduce the risk of falling victim to such scams.

As digital transactions become increasingly common in the hospitality sector, authorities and industry players alike are calling for greater awareness and stronger safeguards. The police have urged anyone who may have received similar fraudulent messages to come forward and assist in the investigation.

While no guests at the Trident Hotel are believed to have suffered financial losses in this case, officials warn that such scams are becoming more sophisticated. The ongoing investigation is expected to shed more light on the methods used by the fraudster and help prevent similar incidents in the future.