Sign in Subscribe
Cybersecurity

How Travel Scams Work

Learn how travel scams work and how to protect yourself when booking holidays online. Spot phishing attempts and stay safe with expert tips.

Jonathan Evans

3 min read
A scenic picture of the Dolomite mountains in the background against a strong blue sky
The Dolomites from Madonna Di Campiglio on a sunny morning

The nostalgic days of going down the high street to book your holiday or hotel are mostly gone except for few hardy or specialist firms. In their place we have a spectrum of platforms Airbnb, TripAdvisor, Expedia and Booking.com to cater for all our tastes and styles. This revolutionary change has not only affected travellers, hotels and airlines but also the criminals and how they operate.

Platforms and hotels under attack

The platforms are not only used by travellers but also by the hotels providing accommodation. Behind the scenes hotel staff are looking after the administration. The hotel staff are just people and equally susceptible to phishing scams as anyone else. When this happens, the hackers have access to all the information shared with the hotel – this includes traveller personal information, itinerary, room bookings and payments made.

How scammers target you

Armed with this information the attackers can craft a targeted message either via email, WhatsApp or other messaging system. Given they know everything about you and your booking the message looks very real and genuine. There are two things to note. The first is that the hotel (aka hacker) is now communicating directly with you and not via the platform whether its Expedia, booking.com or some other site. The second is that there is usually a link that looks legitimate but isn’t. It may have the letters ‘expedia’ or ‘booking-com’ in it to give the illusion of legitimacy but it’s just a trick.

Scammers are after your money

If the criminals have all my information, what are they after? The criminals are looking to monetarise the stolen information. They don’t currently have payment related information such as your credit card number or the security verification number on the back.

Travel scam prevention

Strong indicators that you are dealing with a cyber-criminal include:

  • suspicious messages such as an unexpected cancellation, a refund or a fine
  • problem with your room the day before you are due to arrive (making it urgent)
  • fake offers or discounts that sound too good to be true
  • request for credit card details over text, WhatsApp, email, Facebook or other social media platform
  • a problem with your payment that requires further verification
  • unexpected phone calls

What to do if you are targeted?

If you are concerned about a suspicious message:

  • remember not to use any of the contact details in the message itself
  • do not click any of the links
  • do not scan any QR codes (they are the same as links!)
  • do not open attachments

If you are using a mobile phone to read emails the first thing to do is to view the message on an Ipad, tablet, Mac or PC. This sounds odd but it may provide you with more information simply because the screen is bigger. Bigger screens can display full email headers and provide better visibility of links.

If you still have doubts, contact the company or hotel directly through their customer service team - do not use the email you received to find contact details!

What can you do to help?

If you are convinced you have received a scam email forward it to report@phishing.gov.uk and forward scam texts to 7726 in the UK.

When you do this the details can be shared to allow better protection to be delivered to stop others being targeted. The more people do this the better it is for everyone! There have been over 40 million scams reported since the launch of this scheme back in 2020 so you're in good company.

Other countries should have their own reporting methods.

Other steps to protect yourself

  • Most sites support 2FA (2 factor authentication) or MFA (multi-factor authentication) - its free so use it
  • Keep your computer, tablet and mobile phone up to date with updates
  • If you're still on Windows 10 it's time to consider upgrading to Windows 11
  • Use a password manager, they are a great way to keep track of your passwords and websites

What should you do if you've been scammed

  • Stop all communications with the scammer, do not appeal to their good side - they simply want your money and don't care how it affects you.
  • Contact your bank using the contact details on your bank card or if you are in the UK dial 1-5-9 and ask to be put through to your bank.
  • Finally report it to the police - in the UK that's through the Action Fraud web site www.actionfraud.police.uk they have lots of further great advice for you.

Stay safe on-line and have a scam free journey!

About IT Security Locksmith

IT Security Locksmith specialises in board level training and consultancy.

To find out more about our capabilities please click here.

Our services page showcases the types of services we offer.

Click here to contact us for a no obligation initial consultation.

#HolidayScam #ExpediaScam #BookingcomScam #HotelScam #TravelScam #OnLineBookingScam

Sign up for more like this.

Enter your email
Subscribe