Scammers Now Know Your Guests’ Exact Booking Details.


On Monday’s Good Morning Hospitality, A Skift Podcast, Brandreth Canaley, Michael Goldin, and Jamie Lane break down a week where the infrastructure of hospitality is being stress-tested from every direction.

The conversation opens with a sobering security story: scammers are using real guest reservation data to launch highly targeted phishing attacks, with at least 350 hotels and vacation rentals across 50 countries already caught up.

From there, the team digs into Mews and SiteMinder’s new native integration, which is designed to break down the data silos holding hotels back from AI adoption, and closes with Expedia Group’s partnership with IShowSpeed and what it signals about where Gen Z travel discovery is actually happening.

This episode is presented by Cloudbeds & Bilt.


Transcript of This Conversation

This transcript is generated by artificial intelligence.

Good morning.

Happy Monday.

Best day of the week.

Best day of the week. It’s so great to see your beautiful faces this morning. How are you guys doing?

Good.

Had a good first week of summer down at Dauphin Island in the barrier islands of Alabama. Caught a bunch of fish and-

Yeah, I was gonna say, what’s the fish count?

More than we’ve ever caught. It was abundant, just nothing massive, unfortunately. But had a lot of highlight catches like a shark that make a seven-year-old very excited.

How was your beach vacation, Jamie?

Yeah, it was great.

We were over in Litchfield, South Carolina, so just north of Pawleys Island. There was no fishing. There was lots of sand castling, playing the beach, boogie boarding, good waves.

But I did want to share there was a vacation rental drama this week. I’m not sure if you ever dealt with this, Michael. We go the exact same week every year.

We’ve got like 80 family members all booking like eight homes, and next year, Memorial Day is moving back a week. And how the vacation rental companies work is you can book the same home for the next year as soon as your trip is over.

So you have to commit for the next year. But because Memorial Day is moving a week, we actually can’t book Memorial Day for next year based on the week that we are booking this year. So, so much family drama over what we’re going to do.

Did your family tell you to call Airbnb and tell them to fix it?

Well, this is all booked direct directly with the vacation rental management companies, of which I don’t even think they list on the OTAs.

So it’s a very company-specific issue.

I think that you could wield your STR powers. Do you know who I am?

Do you know who I am?

Well, hopefully, you guys can sort out. I love that. That’s like a huge, like a big, fun family, 80 family members is a lot to coordinate every year.

That’s a lot of homes all within walking distance.

And it is a big to do. So if we can’t get any homes, anyone has any potential destinations that we should go to with 80 family members, or we need to rent large number of homes and wants to drop that in the comments, feel free.

Maybe you could go down to Anna Maria Island. Someone on the show might have a hookup.

Hey, wow. You might know some people, Jamie.

You might know some people.

And Brandy, you look refreshed for a long week of chaos, I’m sure.

Thank you.

Yeah, it was funny. I told the group that at the time of the show last week, I was going to be dancing somewhere and I sent at the group chat a picture of me dancing on a rooftop. I woke up for an early morning show.

But yeah, two days in a row, I did over 60,000 steps. It was really, really fun. So much dancing.

Detroit, I know people might think that that’s an odd choice, but if you go, the music is really, really incredible. The venues are beautiful and they’ve really done a lot to revitalize downtown. The only casualty has been that my voice totally went.

I went to dinner on Thursday night and was screaming at the person and basically no sound was coming out. So I’m really glad that I am here today with a semi-normal voice.

It’s fun yelling at a stranger across the table.

Yeah, yeah, exactly. Ideal scenario.

Well, welcome back, everybody. And hope all of our listeners had a good start to summer. And let the summer chaos begin for the STR operators.

5:37

Bilt Ad and Phishing

Yeah, well, before we jump into the first kind of chaotic thing that’s happening in our industry, want to give a shout out to our sponsor, Bilt.

They are helping restaurants and hotel F&B teams better understand their guests and create more personalized experiences that drive repeat visits.

So if you care about loyalty and guest experience, which I know all of you do, it’s definitely worth checking out. Head to joinbilt.com/gmh and you can find that link in the show notes. So our first article today is about scamming.

And the article from Wired, and I have to give a shout out to my boss, Wendy Glover, who sent this to the CETERA leadership team. But about scammers using hotel reservation information for more like personalized phishing attacks, which is great.

Spear phishing, which like, I mean, you really have to give like so many dad jokes.

But it’s, yeah, being basically kind of hacking and getting into reservation systems, especially from like smaller midsize companies that don’t have a ton of security protocols.

And then contacting guests with like the exact specific information for their stay, and essentially rerouting them in a way that’s going to separate them from their money.

It’s brilliant.

Brilliant.

Yeah.

I mean, it’s smart.

Especially if you think about the large and independent and all the short-term rental management companies. But if you go back and look at those emails, like it’s not that hard to replicate them, right?

And you could probably do it with a pretty simple AI prompt. And then if you have the exact details, what someone paid, like, hey, your credit card failed, could you put the new information in here?

And then take you to a page like, man, like, I think the broader industry is in trouble. And if scammers really push hard, the whole thing, though, is the ability to get reservation info.

So making sure that, yeah, as Paul says, phishing attacks are already sophisticated. This is terrifying.

Like this is mostly spear phishing that’s happening at the hotel or property management company level, where they’re able to get in, they’re all able to get information, and then go after all of your guests.

And it’s only going to get easier because of the vibe coding that goes into the PMS integrations. You know, there’s your back door. Wasn’t it Target that had a big incident because of light bulbs or something crazy?

Many, many years ago. Yeah, there’s some sort of smart light bulbs, and someone was able to do an attack through that system. So if these criminals could just focus on doing good, I mean, they’re obviously very smart and sophisticated.

Sounds like they know the hospitality industry. So I guess congrats to coming up with a great scam and good that all of us are now aware of it. We got to keep an eye on it.

Well, the thing is, people are not going to, this is kind of where I think about being a smaller operator, even like mid-size, like we don’t think about security often.

I mean, and I think a lot of times the people that push security, there’s a lot of pushback because it’s usually a lot of red tape or a lot of, it’s like it’s slowing down whatever the thing that you’re trying to do like the new project or whatever.

But then, I know there’s people listening where multiple people on their whatever log account all share a login and they don’t want to do two-factor authentication because it prevents that from happening.

But even just simple two-factor authentication is how you can slow some of this down. If you have 10 people sharing a login to get into your PMS or your CRM or whatever it is, this is maybe time to pay for the licenses.

Also, a great PSA around just because someone’s vibe-coded a cool app that connects into your PMS, and then has access to all your reservation system, you might want to double-check like, is this a real company?

Is this just something that you saw on Facebook that someone vibe-coded, and could it expose all your customer data with one connection?

Yeah, and you could be a really secure PMS, but if you let in some backdoor like a vibe-coded API, it can take the whole thing down. So not good for vendors. They’re about to go through a lot more security clearances and tests and all of that.

There’s some PMSs that are notorious for that in the industry already, but turns out, rightfully so.

Yeah, it’s funny because I’m a person that likes to try to get projects pushed through quickly, like let’s just do it, blah, blah, blah. And then I’m like, oh, you know.

Every now and then a story brings you back to Earth. Yeah.

Yeah, exactly.

There’s a reason why people that have been around longer are telling us to do things differently.

Slower and read and take care. And I think, I mean, there’s obviously things on the operator side that we can all do better.

But this is kind of in general, it’s not just in hospitality, but as consumers, we need to be increasingly more aware of what emails you’re receiving, what text messages.

I mean, we all get those ones that say like your tolls are overdue and they’re going to take your license and fine you like $200,000 that are all coming from the Philippines.

But it’s like I was saying pre-show, like I bought something from Belgium a couple of months ago and I’ve been getting these texts from FedEx saying that I owe money. I’m like, this is obviously a scam and then it’s not a scam. It’s just the tariffs.

I do have to pay it. But it’s like I think you have to start conditioning yourself to question every email and making sure that you’re also being a smart consumer.

I claim that with all my bills when they call for collections, like, oh, I thought you were a scam. Sorry. Yeah, exactly.

I haven’t paid in a year because I just thought it was a scam.

So yeah, so just keep, I think there’s, hopefully with the increase in interesting products that we’re seeing around AI, we have now all these interesting scams.

Hopefully, there will be some more robust safety technology that also comes around as part of this advent so that we can keep ourselves safe, keep all of our data safe.

And we can all have more appreciation and patience for our internal IT teams that are telling us that we need to have some legal documents in place, perhaps.

And I’ll just call this out as the big risk. I think the big risk ends up being that people only trust the OTAs because they have the systems in place.

And ultimately, it could erode trust with book direct if you’re not securing your systems, if people don’t feel confident, like, hey, is this website actually legit?

Where the OTAs, a lot of the reason why people like them is because the trust that they’ve sort of built with the consumer.

But an OTA can be spoofed as well, right?

And you look at the OTAs versus someone’s vibe-coded website, which one would you trust?

Yeah. Well, I think we might be getting closer in the not too distant future. We’re in a weird transition phase, but where AI agents might be able to sniff out the challenges or the fraud better than we can.

So might have more trust in the computers, despite the computers being the one that’s creating the distrust. It’s a wild world we live in.

13:54

Cloudbeds Tech

It is.

Well, speaking of trusted brand, we have a new sponsor and that sponsor is Cloudbeds. Cloudbeds unifies your operations, distribution, guest experience and revenue marketing in one place, powered by Signals, Hospitality’s first foundation AI model.

Whether you’re trying to drive more direct bookings, cut training time or finally get your data working for you, Cloudbeds is built for what’s next. You can learn more at cloudbeds.com and you can also find that link in the show notes.

More trusted brands, trusted on trusted. Mews and SiteMinder are putting together distribution and operations together.

To be honest, I always forget that distribution within EMS is not like a standard across all these industries because I just always think that that should just be part of the package. But this is a great partnership talking about AI infrastructure.

I also thought this was a precursor to maybe an acquisition. So what are your thoughts on this new partnership?

You want me to go first? I see this is the inevitable evolution of PMS agent infrastructure. We need deep integrations for agents to take work on our behalf, especially on the channels.

Channel optimization is going to be a big part of what PMSs are going to be doing to make sure your listing is marketed in the right way across all the different channels that is going.

It’s not just going to be an API anymore of pushing a rate to that channel, pushing a description, pushing different things. It’s going to be back and forth in these deep integrations are going to be, I have to be integrated in this way.

I disagree in terms of that this is a step in terms of an acquisition. I think someone like SiteMinder is going to have to have this level of deep integration across all of the PMSs that they’re integrated with.

Mews is one of those ones that is trying to push forward in terms of agents. There’s a lot of them out there, Cloudbeds, and deep agent integration.

It’s a first step of what I think is going to be many announcements from companies like SiteMinder that have to be more integrated with the PMSs.

Yeah, I think this brings up the point of, on the short-term rental side, that we deal a lot with, where we talk a lot about why adoption might be a little bit slower, and I think the data quality has come up a lot.

In the article, they’re talking about how the first step is actually building the good infrastructure and having good data for all of these, just the agents to actually be able to access.

I think that is an important thing that we haven’t really figured out how to tackle in the short-term rental industry, because we have so much data, but it’s just scattywamp it is pretty all over the place, you know?

17:13

AI Data Readiness

Yeah, Brandy, I think it’s more than just we don’t have good data.

I think we actually have the potential to have significantly more data in the short-term rental space. And we had Jason Sankada on from Kismet last week.

And one of the examples given was how AI can look at photos and see that there’s two double ovens and two fridges in this house, which means it’d be a great property for a family like Jamie’s that’s having 80 people going up and down the street, you know, trading fridges and ovens and whatnot. So we have the data, it just has to be structured, it has to be organized, and that’s what this partnership intends to do with Mews and SiteMinder.

And one of the interesting things that happened over the weekend that I sent out to the group too, is Vrbo has emailed its customer base asking to go in and put in more information so you can be more AI ready.

It is a small step in the big pie, but it is a step, I think, in the right direction. And it gave you kind of instructions on tips of how to create a better, more agent-friendly listing.

Yeah, it’s funny because we were joking that, like, okay, now Expedia and Vrbo, all these OTAs are trying to get us to do their homework for them, but it makes a lot of sense. And only you can go in and edit your listing, so it does make sense.

No, and that one, too, like, one, I think it’s great, and two, it is a huge AI infrastructure project in itself to create all this data that is needed.

And in some ways, like, there’s this debate around synthetic data versus sort of user-generated data, and, like, you don’t necessarily need me to go in and write a 40-word description on each one of my photos. Like, you should be doing that, right?

Like, you should be going and writing in, okay, this has a double oven, this is a GE, this is, like, generating all that content around my photos and not needing me to go in and do it for you.

They want you to use your tokens.

Lots and lots of tokens. At the end of this article, Adriana had a great line that I think puts a nice bow on where the industry is. The market is starting to split between platforms built for agents and those trying to retrofit systems piecemeal.

I think that’s a great summation of where the industry is now, and there’s going to be a pretty quick divergence. What the industry doesn’t like to do, and despite our co-host on the show changing PMSs seven times in how many years.

Who’s that?

Most people are really averse to change. I think until it really starts to stay at the bottom line, the friction is not going to be there, but ultimately long-term platforms that are agentic-friendly are going to end up winning out.

Yeah.

It’s interesting in this kind of like, I hate that everything’s called like a war or race or whatever, but in this landscape that we’re in of all these different OTAs, like different powerhouses and different industries, all trying to compete to be the winner, and someone that you think is going to be the winner one week is not on top, it’s not next and like how the strategies everybody’s using, it’s all very interesting because what you think is like the strategy one week changes week to week.

And I actually, this is not travel related, but because I’ve been on like an anti-Microsoft crusade, I saw this bit about Copilot and how only 3% of the users that have it pre-installed are actually using it, like even the people where it is like in front of their face, no one is using Copilot. And that’s also just like Microsoft is a huge technology leader and they couldn’t even figure out how to get people to use their product and figure out like AI, agentic AI correctly. So it’s interesting to also watch these other traditionally hospitality brands or travel brands. Now they have to become experts in this, you know, very new technology that even some of the biggest players can’t really figure out right now.

Yeah, agreed. Microsoft is grossly lagging in the race, but we’re in the first batter in the first inning, right? This is so early.

Baby face.

And these platforms are jumping each other exponentially any time a new release is out.

So it doesn’t mean Microsoft will always be a laggard. They might jump into a pole position at some point, but we are still so early and all the changes, all of the standard protocols still aren’t even out.

So a lot of people are trying to figure out the best plays and Microsoft certainly has enough data to figure it out.

22:44

Expedia and IShowSpeed

Yeah.

And they’re not hurting on funds. But speaking of the big OTAs, Expedia is continuing their kind of creator forward, you know, momentum and that has partnered with IShowSpeed. Did you guys know who this was prior to this article?

I have heard of him, but I’ve never consumed his content.

Okay.

I’m not, I’m like the most, I’ve never felt more like an old woman because I don’t know who any of these TikTok people are. I don’t have TikTok. So, but the collaboration under the custom site Expedia, spelled with speed, genius, absolutely genius.

And it’s aiming at targeting this younger demographic, getting people more interested in travel, meeting them where they are, which is on TikTok.

And also it’s so fun that this kid just gets to go and travel and do his show and get it paid for, which is awesome.

I mean, he’s earning it too. The reach has got up to 400 million people on the live stream. So, on the live stream, it’s so great.

Yeah, maybe we should watch a show or two of his, but 400 million is an insane reach. And Jamie, you might have World Cup data, but it’s probably in the same league as a World Cup partnership or sponsorship in terms of eyeballs. So, very impressive.

What piggybacks on this even more was the TikTok partnership with the Expedia and Booking a couple weeks back, and how not just the biggest of the biggest can monetize it, but even Jamie’s personal influencer account over at TikTok, that anybody can monetize travel now is huge. And then the brands themselves, the OTAs are investing more money into the social platforms. Glenn Fogel said they’ve increased marketing spend on social channels by 25% year over year.

I mean, the amount of ad spend that Booking puts out there already to increase a specific channel by 25% says all you need to know.

When I was reading the article, I had this recollection. It mentioned in there the Anthony Bourdain of the next generation. And we grew up, and I grew up as a high schooler watching what Rick Steves.

And then in the 20s and 30s, it was Anthony Bourdain. And now maybe it’s IShowSpeed of what’s going to introduce that next destination, that next idea of where you want to travel to. I think travel inspiration with media is huge.

It’s been like that for decades, and the next generation is on TikTok. I’m on TikTok. I’m part of that next generation.

Oh yeah.

You’re keeping us young, hip and cool here.

Yeah, I’m going to log in and see your dances.

Right. But I do see getting a brand partner. Imagine if Booking was partnered with Anthony Bourdain and they were making everything he was going to bookable through the app or something like that.

This type of partnership, if you’re able to get in with someone that’s making a movement happen, it could be huge for them.

Yeah, I mean, White Lotus is ours.

The show drives enough, but the White Lotus cast themselves, as long as it’s not blocking their contract, can go pull the same type of partnership and people can get their stays through their favorite actor or actress.

Yeah, it’s funny also realizing, like, for so many years, it was like, oh, what do the millennials want? What do we cater to the millennials, blah, blah, blah, blah, blah. And now they’re like, okay, the millennials are hooked.

They’re going to do whatever they’re going to do. Now we don’t get any of the attention anymore. It’s like, what is…

And I kind of, I love that it’s like, how do we get the next generation, you know, interested in travel? What are they interested in seeing? And it is really interesting that you have to kind of, you can’t…

Even the biggest travel companies in the world cannot dictate what this generation wants. They have to kind of meet them where they are. And I love that.

There’s a little bit of a…

And do a lot of changes with agentic-friendly texts and social media and all that. So it’s no longer a pay-per-click marketing 101.

27:30

Marketing and Direct Bookings

Yeah.

And I think that’s also… I mean, think about all the different marketing budgets that are out there that, you know, you have for so many years, you’ve been able to figure out like, oh, I can spend this amount of money, X amount of return.

It’s been very stable. And I think that’s another part that’s about to get extremely disrupted. And obviously not just in our industry, but how do you budget for that?

Like how you… There’s just like kind of huge unknowns that are coming.

And are you just like, maybe it’s time to start A/B testing, like pulling back on some of your Google ads and see like, does your direct bookings actually go down or like, are you just throwing money into a big, you know, incinerator?

And that’s, you know, another part of this conversation is, what does this do for direct booking?

If like, if the powerhouses are TikTok and Expedia or Booking.com and they’re the ones driving all the eyeballs, you said, yeah, we can have our link, but, you know, it’s really hard to outspend, like, these guys.

So you might have your personal link, but all 10 of Jamie’s followers are gonna, I’m just kidding, I don’t mean to, maybe you have more. There’s 20. Okay, okay.

All 20 of Jamie’s followers will have his affiliate link.

But like, if you’re a company that’s trying to drive meaningful direct bookings, like again, it is setting up another showdown of David and Goliath, where like the technology gap is going to be so huge, you know?

Yeah, Brandy, I think that’s in short-term rentals, at least, the David and Goliath analogy is great. There’s the three major OTAs, and then there’s everybody else. And there’s some big brands over in Europe.

And there’s Vacasa, you know, was the largest, is the largest in the States.

But I think a lot of people are going to be looking to folks like you that are doing private equity roll-ups to build enough density, that can build, I don’t know, a soft brand or some sort of conglomerate that can challenge, never going to dismantle

Yeah, like make sure your websites are up to date, making sure that, you know, being able to direct resources in a way that allows you to at least like keep pace and not get not get left behind.

I mean, there’s still people out there with like websites from 2002. And, you know, honestly, those people are like the company that Jamie stayed with in South Carolina that aren’t on the OTAs that are somehow just like printing money.

Like I have special respect for those people for holding out. You’re doing Saturday to Saturday, whether you like it or not.

Yeah.

Do you want the week?

Otherwise, it’s gone.

And if you don’t book 365 days in advance, like good luck on finding something in the area.

Pay now in full.

Yeah, there’s no buy now, pay later here. Well, awesome episode, guys. What is on the agenda for you this week?

Same old, same old?

Same old, same old for me. I’m excited to get into a bit of a summer routine here, but yeah, nothing, no travels in the foreseeable future.

I’ve been on the road the past four weeks, so I’m looking forward to a week of no travel. Is that what Brandy says every show?

Yeah, and then you’re going to die when I say what I’m about to do.

Brandy, it’s June. You’re staying at home, right?

I’m staying at home for personal travel, but I cannot dictate my work travel. I’m going to New Jersey as soon as I get off this call. I have a meeting tomorrow, and then I’ll be there.

Are you going to the Skift Data and AI Summit in New York City this week?

I am not.

I would love to go, but unfortunately, my real job requires my attendance. Okay.

Well, Will’s going to the Data and AI Summit. If you’re in the same proximity.

Yeah. I’ll just scream from Short Hills, New Jersey over to Manhattan.

Across the river.

With my fully functioning voice.

In your short-term rental because they’re banned in New York.

Yes. Don’t tell anyone I’m staying in Hilton. Well, great to see you guys as always.

All of the listeners, especially Mr. Paul Manzi. Thank you so much for tuning in.

We will see you all next week.