ARC has developed information that at least two websites from U.S. travel agencies have been spoofed by a fraudster likely operating from Russia.

The fraudster copies the graphics from legitimate agency websites and pastes those graphics into his own website to appear genuine. It is ARC’s belief that the fraudster’s websites do not have a booking capability, but are created to make the fraudulent website appear legitimate if a hotel employee attempts to verify their agency information.

The fraudster then contacts hotels via email posing as a representative from the legitimate U.S. travel agency to book stays for his own customers, but will use compromised credit cards to pay for the hotel stays.

Characteristics of the Scheme

  • This fraudster creates a website and email domain similar to that of the legitimate agency, though with a “-“ (dash) within the domain address:

Legitimate site: *

Fraud site:

  • Graphics from the legitimate agency website are duplicated on the fraudster’s website.
  • Spoofed websites were registered in Russia.
  • Customers who stay at the hotel properties are primarily Russian.
  • Fraudster targets hotels and car rental companies throughout Europe.
  • Fraudster communicates via email from a domain that appears very similar to the legitimate agency email address.
  • Compromised credit card information is emailed to the hotel to pay for the customer’s room.
  • Photoshopped images of a U.S. passport may be emailed to the hotel.
  • Photoshopped images of the front and back of credit cards may be emailed to the hotel as well.

* These are generic representations of how the fraudster takes a legitimate email address and creates his own by inserting a hyphen within the address. Enter the domain name into to determine when the website and/or email domain was created.

If your agency name, email address or website have been spoofed by a fraudster, please contact ARC’s risk management team at 855-358-0393, or send an email to