Cheap trips, costly consequences: A Saily x NordVPN study exposes buy-for-you travel fraud

Key takeaways

• Criminals use stolen credit cards to book real flights, hotels, and rentals, then resell those bookings at 40-60% off on underground markets.

• The buy-for-you market is mature and service oriented. Operators run orders on Telegram, advertise on forums, rely on a third party to hold payments, use bots, and build their reputation through positive reviews.

• Popular services include hotels, flights, and car rentals, alongside delivery and shopping coupons for Uber Eats, DoorDash, Amazon, and other services. Mixed packages are common.

• Buyers risk canceled bookings, account locks, ghosting after payment, and even police inquiries, while cardholders face unauthorized charges, small test purchases that escalate, and account disruption during bank investigations.

• Fraudsters lure people from public posts, blogs, coupon sites, email, and unsolicited DMs to Telegram to close sales. You should only book travel arrangements through trusted channels such as the airline, the hotel, or a reputable online travel agency, and avoid ads with unrealistic discounts on flights, hotel stays, or car rentals.

Important: Saily doesn’t endorse fraudulent buy-for-you services and strongly discourages making any purchases through them. Please note that using Saily for illegal activity is strictly prohibited and violates our Terms of Service. Make sure you use Saily in compliance with all applicable laws and regulations, as well as the terms of any websites or services you access using Saily.

What is buy-for-you travel fraud?

Buy-for-you (B4U) travel fraud describes the deceptive practice where criminals, often operating on hidden forums and Telegram markets, use stolen payment card data to book legitimate travel services. They then resell these services — like flights, hotels, and car rentals — at significantly reduced prices.

The name “buy-for-you” reflects the mechanism: The seller places the booking on your behalf and delivers the ticket, reservation, or coupon as the end result. You usually provide only traveler details (for example, passenger name, dates, and contact information), while the payment comes from a card that is not in your name.

These illicit operations function by mimicking legitimate booking platforms, with sellers acting as dark web travel agents. They might also offer adjacent services such as cruises, rides, or bus and train tickets. Often, these fraudsters impose minimum order requirements and short booking windows, typically just a few days.

“Feasts,” a dark web buy-for-you storefront, advertising discounted flights, hotels, vacation rentals, car rentals, and rides. Flights are listed at 40% off with a minimum order threshold and a short booking window. Screenshot retrieved by NordStellar.

How do these dark web agencies operate?

B4U vendors use Telegram groups to run daily operations. These vendors process orders, post listings, use bots, and collect “vouch” messages — public, verifiable feedback from prior orders that functions like reviews — to build reputation.

Forums function as advertising hubs where sellers promote B4U services. Discounts typically cluster around 40-60% off retail, which makes offers look enticing to bargain hunters. Offers far beyond that range often act as bait, especially when a seller pushes “no escrow” or “deposit first.”

Most B4U listings fall between 40% and 60% off.

In many B4U deals, escrow is a market-specific trust tool: A third party holds the buyer’s funds and releases payment only after a booking is delivered, which reduces disputes between the buyer and the seller. Some actors try to bypass escrow to run exit scams where they collect payments from multiple buyers and then disappear without delivering services.

Crypto and cash apps dominate payments because they settle quickly, offer limited chargeback or buyer protection, and are harder to trace or reverse — all of which helps criminals keep the proceeds once a booking goes through.

What people actually buy

Across observed posts, hotel bookings rank among the most common services, followed by flights, with Airbnb and car rentals also present. Outside travel services, delivery and shopping coupons are another major category, including brands such as Uber Eats, DoorDash, and Amazon.

Travel and non‑travel services often appear in the same package, which makes offers look convenient and increases order value. Researchers note that sellers often use low‑cost orders to collect vouches that build credibility before moving buyers to high‑value bookings.

Why criminals target travel services

Travel scams appeal to criminals because high-priced ticket bookings can pass as normal spending. “Because travel purchases are typically high value and can resemble legitimate spending, they may not be flagged right away on a credit card statement. That gives scammers more time before fraud is reported and the card is canceled,” says Marijus Briedis, chief technology officer (CTO) at NordVPN. 

B4U activity rose as travel returned after the Covid-19 pandemic, then fluctuated with platform bans, rebrands, and moves to private channels — shifts that reflect migration between channels rather than a genuine decline in activity.

Risks for buyers and cardholders

Buy-for-you travel fraud harms both sides of the transaction. Buyers risk canceled bookings, chargebacks that lock their accounts, and ghosting after payment when no escrow is used. They can also face identity checks or police inquiries if a merchant flags a fraudulent reservation.

Cardholders may face unauthorized charges, small test purchases that escalate to flights or hotels, account disruption while banks investigate, and potential data exposure if the stolen card came from a broader breach.

“If your credit card details have been included in a data leak, they could be used to buy someone else a vacation,” says Vykintas Maknickas, CEO of Saily. Many notice the fraud only when unfamiliar charges show up on their statements, which delays response and increases loss.

How people get lured to B4U storefronts — and how to avoid it

Buyers fall into two camps. Some know these offers are illegal and accept the risk for cheaper travel. Others do not realize bookings are made with stolen cards until cancellations or investigations begin. Fraudsters target both groups.

They seed “insider” deals in public spaces — social media posts, blogs, coupon sites, forums, cold emails, and unsolicited DMs — to build interest, then steer new customers to Telegram or other hidden channels to close the sale. Criminals add time pressure with limited-time offers, which pushes buyers to skip due diligence and ignore red flags.

To protect yourself and others from B4U travel scams:

• Book services through trusted channels. Use the airline, hotel, or a reputable online travel agency.

• Verify the seller. Check the domain, legal entity, refund terms, and independent reviews.

• Be skeptical of steep discounts. Avoid offers with unrealistic discounts altogether, regardless of escrow or other assurances.

• Use safe payment methods. Pay with credit cards that offer chargebacks. Avoid crypto, gift cards, and cash apps for travel purchases.

• Stop the pivot. If the seller asks you to switch to Telegram or another app to pay, don’t proceed.

• Report and block. Flag suspicious posts and messages to the platform and block the sender.

How to protect your credit card details

Online shopping convenience comes with risk — criminals can steal your payment card data and use it to fund someone else’s flights or hotel stays. Follow the tips below to reduce that risk and spot problems early.

• Monitor your accounts. Regularly review bank and card statements. Turn on real-time transaction alerts in your banking app so you see charges as they happen.

• Act fast on suspicious charges. Report unfamiliar charges immediately. Even small test purchases can be early warning signs that a criminal is checking if your card works.

• Strengthen account access. Use strong, unique passwords for your bank, email, and shopping accounts. Enable two-factor authentication to add a second layer of security.

• Limit where your card is stored. Avoid saving payment cards across many websites. Delete stored cards you no longer use.

• Check for data exposure. If a company you use reports a breach, change your password and watch for unusual spending on your cards.

Enjoy safer browsing with the Saily eSIM app

Saily is the only eSIM app with built-in online security features.

Download Saily

Methodology

NordVPN and Saily researchers collected posts from dark web forums and Telegram groups from 2021 to 2025 using the keywords “B4U,” “Book for you,” and “Travel.” They removed exact duplicates and applied AI-assisted filtering to keep only relevant B4U travel services. The final dataset included 913 items.

Disclaimer: Saily and NordVPN are not endorsed, maintained, sponsored, or affiliated with any of the brands mentioned. Brand references are included solely to report on platforms most frequently discussed in connection with buy-for-you travel fraud.