Fake Luxury Hotel Booking Scam Busted in Delhi: Haryana Man Arrested for Targeting Upscale Travellers

New Delhi — In a major crackdown on cyber fraud targeting elite travellers, the Delhi Police Cyber Crime Unit has busted a sophisticated fake hotel booking scam operating through forged websites and payment gateways. A 25-year-old man from Haryana, identified as Rohit Malik, has been arrested for orchestrating the con that tricked several high-end tourists into paying for non-existent luxury hotel reservations across India.

According to officials, Malik created replica websites of well-known five-star hotel chains and lured unsuspecting customers with steep discounts. Victims were defrauded through forged email confirmations and UPI QR codes, resulting in losses running into several lakhs of rupees.

How the Scam Worked: A New Breed of Cyber Con

The investigation began after multiple complaints were filed with the Delhi Cyber Crime Unit in early June, alleging fraudulent hotel booking confirmations. Victims claimed they had booked stays at top-tier hotels in cities like Mumbai, Jaipur, Udaipur, and Goa, only to find upon arrival that no such bookings existed.

According to Deputy Commissioner of Police (Cyber Cell) Priyanka Kashyap, the accused used cloned websites with URLs nearly identical to official hotel portals. These pages featured professional-grade design and integrated fake customer support numbers, through which the accused personally communicated with victims posing as a hotel executive.

“The accused created fake email addresses using domains that mimicked the hotels’ official domains. After convincing customers over WhatsApp and fake helpline calls, he sent fabricated booking confirmations,” said DCP Kashyap.

Payments were collected using UPI QR codes linked to multiple bank accounts under fake names, making initial detection difficult.

The Arrest: Digital Trail Leads to Haryana

Following a detailed digital footprint analysis, police traced the IP logs and transaction records back to Malik’s rented accommodation in Faridabad, Haryana. During the raid, officials seized multiple SIM cards, fake Aadhaar IDs, cloned websites hosted on offshore servers, and several mobile phones used to communicate with the victims.

The arrest was made under sections of the Indian Penal Code (IPC) related to cheating, impersonation, and forgery, along with provisions under the Information Technology Act, 2000.

Authorities revealed that Malik was tech-savvy and self-trained in web development, allowing him to build credible replicas of hotel websites that passed casual scrutiny.

Victims and Financial Damage

At least 18 confirmed victims from major cities including Delhi, Bengaluru, and Hyderabad have come forward so far, with the total fraud amount exceeding ₹14 lakh. The police believe the actual number of victims could be significantly higher, as many individuals may have dismissed the experience as personal error or avoided filing complaints due to the minor monetary loss.

One of the victims, Ritesh Arora, a Delhi-based entrepreneur, said he had booked a ₹32,000 weekend stay at a luxury resort in Goa. “The email had all the right branding, and the customer service number even gave me a reservation ID. It was only when the hotel front desk couldn’t find any record that I realized I’d been conned.”

Wider Implications for Travel Industry and Consumers

This scam has shed light on growing concerns regarding cybersecurity in the travel and hospitality sector, especially as more Indians opt for online bookings through third-party aggregators. The Delhi Police has issued a public advisory urging citizens to verify official hotel websites, avoid making payments via UPI or personal bank transfers, and use verified aggregators such as Booking.com, MakeMyTrip, or Goibibo.

Cyber law experts suggest that this type of scam represents a new wave of digital deception that combines phishing tactics with social engineering.

According to Pavan Duggal, a Supreme Court cyber law expert, “The moment a website requests payment via QR codes or personal UPI IDs instead of secured payment gateways, it should raise red flags. The lack of digital literacy among users continues to be a vulnerability.”

Delhi Police Action and Future Steps

The Cyber Crime Unit is coordinating with financial institutions and the National Payments Corporation of India (NPCI) to track any remaining accounts used for collecting funds. Hotel chains affected by the scam have also been notified to strengthen domain security and alert customers about fake platforms.

Police have urged victims to come forward, even if the fraud amount was small, to aid in quantifying the full extent of the crime.

Public Advisory: Always cross-check URLs for authenticity. Legitimate hotel websites will never ask for payments through third-party UPI QR codes. Use payment gateways that offer fraud protection.

Conclusion: A Wake-Up Call for Online Travellers

As India’s digital economy grows, scams like this serve as a stark reminder that cyber awareness must go hand-in-hand with convenience. For every innovative tech advancement, there are bad actors seeking to exploit user trust. With the arrest of Rohit Malik, authorities have dismantled one link in a larger network, but the fight against online fraud remains ongoing.