Security Update: Phishing Emails and Booking Information

Last updated: 6th June 2026

We recently identified a security incident that resulted in some customers receiving scam emails and WhatsApp messages relating to their booking with Glen Nevis Holidays. The most recent messages ask guests to confirm their booking with us by following a link to a fraudulent payment page.

We have now completed the main phase of our investigation and are confident that we have identified the cause of the incident and secured the affected systems.

This page provides the latest information and guidance for customers.

What happened

Some customers received phishing emails that appeared to relate to their booking with Glen Nevis Holidays.

These emails used genuine booking information and directed customers to fraudulent websites designed to take payment.

Following a detailed investigation, we confirmed that the incident was caused by malware on one of our office computers. This allowed an unauthorised third party to gain access to booking information through a legitimate staff login session.

Because this type of attack can hijack an already authenticated session, it can bypass normal protections such as password changes and two-factor authentication (2FA).

What information may have been affected

The information potentially accessed includes:

  • Customer name

  • Contact details (email address and/or phone number)

  • Booking dates

  • Booking value

We do not store payment card information within our booking system.

Bookings made prior to 22nd April 2026 for stays from 1st Aug 2025 may have been affected.

What we have done

We took immediate action to contain the incident and secure our systems, including:

  • Isolating the affected computer

  • Removing the malware and rebuilding affected systems

  • Resetting booking system access and enforcing two-factor authentication (2FA) for all users

  • Terminating active sessions and removing any potentially compromised access

  • Working with independent IT specialist

  • Reviewing system access logs to understand the scope of the incident

  • Reporting the incident to the Information Commissioner’s Office (ICO) and Police Scotland

  • Working to identify and take down fraudulent websites and email accounts connected to the scam

Current position

We are confident that the source of the compromise has been identified and that the affected systems have been secured.

The main known scam websites have now been restricted or flagged as phishing sites, and known scam activity has been significantly disrupted.

However, scammers may still attempt to create new websites, email addresses or messages using previously obtained information, so customers should continue to remain cautious.

What you should do

If you have a booking with us:

  • Your booking remains valid and unaffected

  • Be cautious of any email asking you to confirm or pay for your booking via a link

  • Our legitimate online payment/login page is:
    https://glen-nevis.campmanager.com/21585/Login/

  • If you are unsure about any message, please contact us directly using the details on our website

If you receive a suspicious email or message:

  • Do not click any links or make any payments

  • Forward it to hello@glen-nevis.co.uk with the subject line “Scam”

  • Block and report the sender where possible

If you believe you may have responded to a scam or shared financial information:

  • Contact your bank immediately

  • Let us know the details

  • Report the incident to Police Scotland

Contact us

If you have any questions or concerns, please contact us:

hello@glen-nevis.co.uk
01397 702 191

Ongoing updates

We will continue to provide updates here if any significant new information becomes available.