Going on vacation soon? Stay one step ahead of travel scammers

Cyber Security

From bogus free trips to fake rental homes, here are some of the most common online threats you should look out for both before and during your travels

As the mercury rises and we look forward to vacationing in sunnier climbs, it’s also time to keep one eye peeled for internet scams and cyberthreats. Travel fraud is one of the biggest money-makers for cybercriminals. In 2022 alone, over 62,400 victim reports were filed with the US Federal Trade Commission (FTC). At a median loss of $1259 per victim, US$104 million in total was unwittingly handed over to scammers that year. And that’s just the reported cases.

Experts believe that as the cost-of-living crisis bites, bargain-hunting travelers will be even more susceptible to these scams. Let’s check some of the main scams to watch out for this summer holiday season.

8 common threats preying on travelers

A new report from fraud reporting center Action Fraud warns that over £15 million was lost in the past financial year in the UK alone, a 41% year-on-year increase.

According to the UK travel agent trade association ABTA, the most common types of holiday booking fraud involve accommodation, airline tickets, sports and religious trips, and timeshares and vacation clubs. Scammers set up fake websites, post fake ads on websites and social media, and sometimes offer cheaper deals by using hacked rewards accounts or hijacked cards to pay for them.

Here are some of the most common fraud types and other threats to watch out for:

1) Bogus free vacations

Victims are contacted via unsolicited emails, calls or texts claiming they’ve won a vacation through a prize drawer they never entered. If they reply, the scammers will ask for a fee to unlock their ‘free’ vacation, perhaps to pay taxes owed. Of course, there is no prize and the fraudsters pocket the cash.

2) Clone sites

Phishing emails, texts, and calls and/or online ads might also lure victims into visiting fake airline, vacation or comparison sites designed to impersonate legitimate ones. Victims are sent fake confirmation emails or booking references, meaning many only realize they have been scammed when they get to the check-in desk.

3) Discounted tickets/vacations

Cybercriminals sometimes offer heavily discounted deals on vacations, flights, hotels and other packages. In this case, the tickets may be legitimate but the reason they’re discounted is because they’ve been purchased with stolen cards or hijacked loyalty accounts. They may be advertised via social media, spam emails or even robocalls. Victims risk having their stays cut short when the fraud is discovered.

4) ‘Help’ with international travel documents

Some sites purport to help victims secure a travel visa, passport, international driving permit, or other documents. They may impersonate government websites like at run by the U.S. Department of State website. However, they charge extremely high fees, including for services that are usually free. And the resulting document is more than likely to be a fake.

5) Fake rental homes

There’s a growing trade in privately rented vacation homes, advertised online. But scammers often insert their own listings on legitimate rental or classifieds sites. These properties either don’t exist, aren’t for rent or will be doubled booked when you turn up. Consider booking your rental home via dedicated reputable sites that offer protection against fake listings.

6) Charter flight scams

Scammers also use private plane hire packages, often bundled with accommodation, to lure victims. Once again, they’ll take the money and run, leaving you high and dry.

7) Wi-Fi threats

The risks don’t end once you’re on the road. If you’re at an airport, a café or other public space while on the road, resist the urge to log into your banking or other valuable accounts using the free public Wi-Fi – at least unless you also use a reputable virtual private network (VPN) service that encrypts your connection and shields you from whoever may want to steal your personal data.

Why is it better to avoid free Wi-Fi? Because it may be a fake hotspot set up by cybercriminals looking to eavesdrop on your web browsing session to steal passwords and personal/financial data. Even if the hotspot is legitimate, hackers may be lurking on the same network to spy on your online activity. Or they may hack the network to distribute malware.

8) Juice jacking

Travelers should also be on the lookout for USB charging threats, also known as “juice jacking.” Here, criminals typically load malware onto publicly available charging stations or cables that are left plugged in at the stations. Using them will result in the victim’s device being compromised with malware designed to hijack the device and/or steal data and passwords.

How to stay safe this vacation season

There’s plenty you can do to stay clear of the above scenarios. Remember the following:

  • Do your research: check online for travel companies, hotels, rentals, and travel agents to see if others have been scammed.
  • Never reply to unsolicited communications. If you want to follow-up on an ad, contact the organization directly, and never via the contact details in the email/text/ad.
  • Don’t pay with wire transfers, gift cards, crypto or money apps like Cash App as these offer no protection for the buyer. Once the money’s gone, it’s gone.
  • Check the URL of any site you visit to ensure there are no typos in there indicative of a spoofed site.
  • Double check a seller is ATOL protected, to mitigate the risk of any losses from air tickets.
  • Be cautious: if something sounds too good to be true, it usually is.
  • Don’t visit dark web sites offering heavily discounted vacations and tickets.
  • Don’t use public Wi-Fi without a virtual private network (VPN) and avoid using public charging stations on the road.

Summer is the most wonderful time of the year for holidaymakers. But remember it could also be a boon for scammers and cybercriminals. Stay safe online, and have a great vacation!

Products You May Like

Articles You May Like

Synnovis Attackers Publish NHS Patient Data Online
ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models
The long-tail costs of a data breach – Week in security with Tony Anscombe
My health information has been stolen. Now what?
Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

Leave a Reply

Your email address will not be published. Required fields are marked *