For Families & First-Time Travelers

Summer Travel Scams 2026: The Five Patterns Hitting Travelers This Summer

Published May 12, 2026 · 8 min read · By the ScamDrill Team
Editorial cover graphic titled ‘Postcard Mirage’ on a deep navy field with a rotated cream postcard showing a sun-faded gradient and a faint magenta MIRAGE rubber stamp, plus three torn receipts labeled FAKE LISTING, TOLL TEXT, and AI-FAKED PROPERTY

Three weeks before Memorial Day weekend, a couple in our local Facebook group lost $2,400 on a beach rental in Destin that turned out to be someone else’s photos pasted into a stolen listing. They paid by Zelle because the “owner” said Vrbo was holding deposits for too long this season. The host page went dark forty-eight hours after the wire cleared. Three other families had paid for the same week.

Stories like that one are going to keep coming. The FTC’s Consumer Sentinel Network logged a record $15.9 billion in reported fraud losses in 2025, and Americans are now staring down a peak booking window with both more travel and more sophisticated scams than the summer before. McAfee’s Safer Summer Travel Report found that more than 25% of Americans have been affected by a travel scam — and one in five fell victim during the booking process itself.

Here’s the playbook for what’s happening this summer, what the data actually says, and the small set of habits that will save you a vacation.

5.2M Americans who lost money to a rental scam in a single 12-month window, per a 2025 Apartment List survey. Average loss: $2,071, up 21% year over year. Forty-three percent of victims never recovered the money.
Source: Apartment List 2025 Rental Scam Survey; FTC Consumer Sentinel Network, December 2025.

The Summer Scam Atlas

FIG. 01 / THE SUMMER SCAM ATLAS / IC3 2024 ScamDrill scamdrill.com Where the scam reports come from. Per-capita cybercrime complaints filed with the FBI’s IC3 in 2024. Travel-scam victims cluster in the same places. COMPLAINTS PER 100K (2024) 125 ~270 915 National median ≈ 215 per 100K ME VT NH WA MT ND MN WI MI NY MA OR ID WY SD IA IL IN OH PA NJ NV UT CO NE MO KY WV VA MD DE CA AZ NM KS AR TN NC SC DC CT OK LA MS AL GA RI AK HI TX FL TOP 5 BY PER-CAPITA COMPLAINT RATE 01. Alaska 915 / 100K tech-support fraud skew 02. Indiana 342 / 100K data-breach + phishing 03. Nevada 328 / 100K · $8.2M/100K highest $-loss per capita 04. Delaware 267 / 100K imposter-led California $2.54B · #1 in $ 96,265 complaints Travel-scam volume by state isn’t published as a single table — the map above uses total cybercrime complaints as a proxy. Source: FBI IC3 2024 Annual Report · scamdrill.com

The five patterns to know

1. Fake vacation rentals — still the biggest

A 2025 Apartment List survey found that over 5.2 million Americans fell victim to rental scams in a single year, with the average loss jumping 21% to $2,071. Forty-three percent of online renters encountered a fake listing; 43% of victims never got their money back. People aged 18–29 were three times more likely than other adults to lose money — anyone who thinks this scam targets seniors should look at the data again.

Where the listings come from has shifted. The FTC’s most recent breakdown shows that in the 12 months ending June 2025, about half of reported rental scams started with a fake advertisement on Facebook, with Craigslist a distant second at 16%. Airbnb and Vrbo are usually where the listing eventually gets copied to give it the look of legitimacy. The scammer’s goal is to push you off-platform: “Pay by Zelle and I’ll send the keys directly. Vrbo’s fees are crazy this year.” Once the money is gone, so is the listing.

The three rules that cover most of it

2. AI-generated travel sites — the new wrinkle

This is the part that wasn’t true two summers ago. According to data published by McAfee in summer 2025, AI-powered travel scams surged roughly 900% year over year, with one in five Americans now getting scammed somewhere in the booking flow. The scams use image generators to produce photorealistic pictures of properties that don’t exist, then attach AI-written reviews and pricing tuned to undercut real listings by 12–18%.

The cleanest tell is a slightly off domain. We’ve seen listings on boooking.com, airbnh.co, and a long list of .xyz and .shop variants that screenshot beautifully and dissolve under inspection. If your booking confirmation tells you to verify on a domain you don’t recognize, take a breath, open a new tab, and go to the real site directly. This is the same defensive habit we wrote about in our breakdown of AI-driven neo-phishing: the surface is impeccable; the URL is the only thing that doesn’t lie.

3. Toll-text smishing — the road-trip tax

If you got “Your toll account is past due, click here to pay” in May, you are not alone. The FBI’s Internet Crime Complaint Center logged more than 2,000 reports about toll-text scams in 2025 alone, and the volume jumps every time school lets out and the highway miles spike. The texts spoof state systems (E-ZPass, FasTrak, SunPass, Peach Pass) and route you to a phishing page that captures your card.

The rule is the same as it was for the USPS package texts two years ago: real toll authorities don’t text. If you genuinely owe a toll, log into the toll authority’s actual app — never the text link — and pay it there. Forward the scam to 7726 (SPAM) and delete.

4. Fake passports, visas, and IDP sites

The pre-trip prep panic is its own scam window. The FTC has flagged a steady stream of fake International Driving Permit sites that look authoritative — embassy seals, government-style typography, an SSL padlock — but charge $150 or more for a worthless laminated card. Only two organizations are authorized to issue IDPs in the United States: AAA and the American Automobile Touring Alliance. Anyone else is selling you a souvenir.

The same logic applies to “expedited passport” services. If the site doesn’t end in .gov, you are not buying a passport, you are buying a phishing attempt with a delivery slip.

5. Recovery scams — the bill that comes after

The smartest scammers wait for you to be a victim already. The FTC has been warning about recovery-room fraud — calls and DMs from someone claiming to be a federal agent, attorney, or “fraud recovery specialist” who can get your rental money back for a small administrative fee. They have your story because you posted it on Reddit, or because they were the scammer in the first place and they’re double-dipping. There is no legitimate paid private recovery service for consumer scam losses. Report to the FTC and your card issuer; everyone else is a second scam.

When each scam peaks

FIG. 02 / THE SUMMER SCAM CALENDAR / MAY → SEP ScamDrill scamdrill.com When each summer scam peaks. Five threat patterns plotted across the booking-to-travel window. Bar opacity tracks reported volume; the dot marks each scam’s reported peak month. MAY JUN JUL AUG SEP Fake rental listings 5.2M victims · $2,071 avg loss PEAK AI-generated travel sites ~900% YoY · 1-in-5 hit PEAK Toll-text smishing 2,000+ FBI IC3 reports in 2025 PEAK Fake passport / IDP sites Spike with pre-trip prep PEAK Recovery / refund scams Targets earlier-summer victims PEAK YOU ARE HERE · MAY 12 The booking-prep scams (rental, passport) front-load May–June. Travel-day scams (toll texts, AI rebooking sites) ride July. Recovery scams chase the August wreckage. Sources: McAfee Safer Summer Travel Report 2025 · FBI IC3 · FTC Consumer Sentinel · BBB Scam Tracker · AARP

A five-minute pre-trip drill

Before any of this matters, give yourself five minutes the week you start booking:

  1. Reverse-image search every listing. Google Images and TinEye are free, and most fake listings collapse on the first try.
  2. Pay with a credit card, on-platform. Credit cards are the only payment method with real chargeback rights. Zelle, wire, and gift cards are scammer logistics.
  3. Save the real toll authority’s URL as a phone bookmark before you leave. When the inevitable smishing text comes mid-drive, you already have the legit one to hand.
  4. Tell your family about the recovery scam. If anyone in your house gets scammed in June, they’re going to get the “specialist” call in July. Pre-warn them so the answer is “no, thanks” before the question even lands.
  5. Plan one safe word. If you get a panicky “stranded in Cancun” call in a voice that sounds like your kid, the AI voice-cloning playbook we’ve published before will get you through it.

If you think you’ve already been hit

The defense isn’t fancy. Stay on the platforms, pay with a card you can dispute, and assume any urgency is a tell.

The bigger pattern

What is true across all five is that the technology has caught up to the targets. McAfee’s data point — one in five Americans scammed during booking — isn’t an outlier; it’s what happens when the tools to generate a convincing fake property listing drop from “Photoshop expert” to “free chatbot prompt” in two years. The defense is the same one that has stopped a thousand pig-butchering attempts and a hundred USPS smishing waves: stay on the platforms, pay with a card you can dispute, and assume any urgency is a tell.

That, and call your mom about the toll texts before her road trip next week.

Run a vacation-scam drill before you actually go.

ScamDrill sends safe, realistic fake-rental and toll-smishing simulations to your family on a rotating schedule — with a friendly teachable moment when someone clicks. It’s the cheapest insurance you’ll buy this summer.

Start free →

Frequently asked questions

What is the most common summer travel scam in 2026?

Fake vacation rental listings remain the largest single category. A 2025 Apartment List survey found over 5.2 million Americans lost money to a rental scam in a year, with an average loss of $2,071 (up 21% from the prior year). About half of reported rental scams start with a fake Facebook advertisement. The scammer’s playbook is to push you to pay off-platform via Zelle, wire, or gift card; staying on-platform on Airbnb or Vrbo with a credit card is the defense that works.

How much do Americans lose to travel scams each year?

McAfee’s Safer Summer Travel Report 2025 found that more than 25% of Americans have been affected by a travel scam, and 1 in 5 fell victim during the booking process itself. Among those affected, 13% lost more than $500 and 5% lost more than $1,000. The FTC’s Consumer Sentinel Network logged a record $15.9 billion in total reported fraud losses in 2025, of which travel-related scams are a meaningful and growing slice.

How do AI-generated travel scams work?

Scammers use image generators like Midjourney, DALL-E, or Stable Diffusion to create photorealistic pictures of properties or destinations that don’t exist, attach AI-written reviews and prices that undercut legitimate listings, and post them on real platforms or on lookalike sites. McAfee reported a 900% year-over-year surge in AI travel scams in summer 2025. The clearest tell is a domain that’s almost right but not quite (booklng.com instead of booking.com, .xyz or .shop instead of .com) and a request to pay by wire or crypto.

Are toll-text scams really tied to summer travel?

Yes. The FBI’s Internet Crime Complaint Center logged more than 2,000 reports about toll-text smishing scams in 2025 alone, and volume rises whenever interstate driving spikes. The texts impersonate E-ZPass, FasTrak, SunPass, and Peach Pass with nearly identical language and route victims to a phishing page that captures their card number. Real toll authorities don’t text. If you owe a toll, log into the agency’s own app directly and pay there.

How can I tell if a vacation rental is real?

Run the listing photos through a reverse-image search like TinEye or Google Images; scammers reuse real listings. Insist on paying through the platform’s own checkout (Airbnb, Vrbo, Booking.com) with a credit card, not Zelle, wire, or gift cards. Verify the property address on Google Maps and look for it on a second platform. If the host pressures you to pay off-platform because of fees, account issues, or urgency, that is the scam, not a workaround.

Keep reading

The USPS Text Scam: Why You’re Getting 10 a Week

The package-delivery smishing playbook that re-tools every summer for toll texts and rebooking confirmations.

The AI Voice Cloning Scam

The 10-second rule and the safe-word habit that defuse the “stranded in Cancun” call before it works.

5 Scam Trends Spiking in 2026

Task scams, toll smishing, AI voice clones, government impersonation, and recovery fraud — the five trends driving record losses.

Join our free newsletter to stay ahead of the scammers

Receive updates on monthly scam trends, along with best practices to protect yourself and those you care about.