Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Top 5 Holiday Booking Scams

title 1

about the author

With the summer season fast approaching, holidaymakers are heading online to check out the latest travel deals and get their summer holidays booked up. Unfortunately, they’re not the only ones!

This is one of the busiest times of the year for cybercriminals as they launch targeted holiday booking scams to dupe holidaymakers into buying fake flights and holidays.

According to a recent report from the Association of British Travel Agents (ABTA), Action Fraud, and Get Safe Online, cybercriminals stole more than £7 million from 5000 holidaymakers in 2018. The average amount lost per person was £1,380, and the most common types of fraud related to the sale of airline tickets (53%) and accommodation bookings (25%).

The figures represented an increase in both the number of victims and the amount lost compared to 2017, when 4,382 victims reported losing £6.7 million. It’s likely the figures could be even higher than reported as some people may feel embarrassed that they’ve fallen for a scam, or they simply don’t know who they should report it to.

To trick victims into buying fake flights and holidays, the crooks will use a host of different tactics including; fake websites, phishing emails, false advertising and scam phone calls. Often as soon as the booking is made, the fraudsters will disappear with the money and victims will be left without a holiday, or in the worst-case scenario, stranded in another country.

Top Holiday Booking Scams

1. Airline ticket Scams

airline ticket scams

There’s been a huge increase in fraudsters peddling fake airline tickets. These scams have become particularly prevalent across social media and Action Fraud have noted an upsurge in phone-based scams from con artists pretending to be from reputable travel companies.

Worryingly, in some of the reported scams, the fraudsters appear to know that the victim has been searching for flights online. It’s suspected that at some point, the individual has entered their personal details into a fake travel website. Victims are then offered a heavily discounted price for their flight and because they believe the call is genuine, they are tricked into making a payment.

After paying for their flight, some victims have reported receiving confirmation emails but further correspondence with the travel company has revealed the flights are non-existent.

When possible, you should use a credit card to book travel arrangements as it offers additional protection over other forms of payment. Some travel companies may levy a surcharge for credit card payments but it’s worth having an added layer of protection should something go wrong.

You should also make sure that your travel company is a member of a recognised trade association like ABTA or has an ATOL logo and number. ATOL is a Government guaranteed protection scheme for UK tour operators and protects over 28 million consumers each year.

2. Fake websites

Fake websites

Fraudsters are increasingly cloning websites to trick consumers into thinking they are booking through an official site. The website will appear legitimate, however subtle changes to the web address will indicate that it’s not a registered site. A web address that ends may be changed to a .net or it simply may not display as expected. It’s always worth double checking the address of a site to confirm its authenticity. Other red flags to look out for include simple spelling mistakes, broken English, grammatical errors or low-resolution images.

If you’re booking a holiday with a company or website that you’re not familiar with, do some extra research to ensure they are reputable, and they are who they say they are. Google reviews of the accommodation, pay close attention to photos and make sure they are a member of a recognised travel authority with financial protection in place. There’s a good chance that if a company has defrauded people in the past, consumers will have posted warnings about the company online.

3. Fake Accommodation listings

Fake Accommodation listings

It’s unbelievable how slick and sophisticated these fake accommodation listings have become. Using images of luxury villas and apartments, the crooks can successfully lure potential victims into their trap. Most of these listings will be fake, but some will be images of real properties taken without the owner’s knowledge. France, Spain and Orlando tend to be the most heavily scammed holiday destinations, although the fraudsters will often cast their net wider to make as much money as they can.

Once they’ve reeled their victim in, they’ll send a link to a convincing payment page, where they’re directed to transfer money. A common tactic is to pretend that a credit card payment hasn’t gone through and then ask the victim if they can make a bank transfer instead.

You should be highly suspicious if the only payment option provided is a bank transfer. Reputable booking sites will never ask consumers to pay via this method. This is a clear sign that no bank has provided credit card facilities and that if you’re dealing with a fraudster, there will be no way of claiming your money back.

You should always study the terms and conditions and be very wary of any companies that don’t provide paperwork. If you book a flight or holiday accommodation online, you should always receive a confirmation document detailing the travel arrangements and the amount of money paid. Keep a record of all documents in case any problems should arise.

4. Unsecured Wi-Fi

Unsecure wifi

Whether it’s in an airport, hotel or coffee shop, most holidaymakers will hook up to free public Wi-Fi at some point during their trip. Fraudsters know that people are on the move and will typically want quick and easy access to Wi-Fi without spending too much time fussing over security settings.

This provides them with the ideal opportunity to launch their scams without arousing suspicions. By setting up free Wi-Fi networks in airports, the crooks can gain access to the personal information of pretty much anyone who joins the network. They can then steal valuable information such as login details, passwords, credit card information or use the unsecured network to spread malware.

In a recent survey conducted by McAfee, 62% of respondents said they had connected to Wi-Fi in an airport and 49% in a hotel. Almost half said they did not check the security of their internet connection or would connect to an unsecured network despite repeated pop-up warnings.

If you must use Wi-Fi when you’re away on holiday, there are a number of precautionary measures you should take:

  • Make sure your Wi-Fi connection is secure
  • Use a VPN to encrypt your data
  • If you can connect straight away without being asked for a password, disconnect immediately
  • Turn off file sharing
  • Enable your firewall
  • Do not make any financial transactions on public Wi-Fi or reveal any personal identifiable information

5. Fake event tickets

fake event tickets

The summer marks the start of the festival season and a surge in fake event tickets. Tickets for these high-profile events sell out quickly and unscrupulous sellers are waiting in the wings ready to scam individuals desperate to get their hands on the coveted tickets.

According to recent research by Barclays, more than a quarter of millennial festival-goers have fallen victim to a ticket scam, losing on average £179. Fraudsters will often launch their scams on social media or create bogus websites to convince their victims that tickets are legitimate.

If you’re trying to secure tickets for any of the ‘must see’ events this summer, always check with the event organiser for official ticket distribution lists and never buy from unauthorised sources. You should also check to see if the ticket includes the block, row and seat details.

If you do choose to buy tickets from an individual, never transfer the money directly into their bank account. Use a secure payment site such as PayPal, which transfers money safely between two electronic accounts.

When making payments online, always check to see if the site is encrypted. Look for the padlock and the web address in the browser should begin with a ‘https’.

MetaCompliance specialises in creating the best Cyber Security awareness training available on the market. Our products directly address the specific challenges that arise from cyber threats and corporate governance by making it easier for users to engage in Cyber Security and compliance. Get in touch for further information on how we can help transform Cyber Security awareness within your organisation.

you might enjoy reading these