With summer officially here, many of us are now planning to escape on our hols, whether that’s enjoying a ‘staycation’ here in the UK or travelling abroad. Regardless of where you’re going, it’s important that you make sure you’re booking with genuine holiday providers, and not giving your hard-earned cash away to scammers.
Unfortunately, scammers are constantly finding new ways to deceive travellers, highlighted recently in a scam relating to ‘Booking.com’ a popular online travel booking platform.
So, how you can protect yourself from fraudsters and ensure your holiday remains stress-free and enjoyable?
How the scam works
In a recent case highlighted last year concerning Booking.com customers, partner hotels were targeted to obtain details of customers using the online travel agency, who were then emailed and informed that they had 24 hours to make payments.
During the initial phase of the attack, partner hotels used by an online travel agency are emailed by the hacker purporting to be a genuine customer. The email contains a malware attachment, which upon being opened allows the criminal access to details of all the hotel's customers using the online travel agency, as was the case in the Booking.com incident, which utilised a malware called ‘Vidar Infostealer’.
Having obtained the customers information, the second phase of the scam involves an email being sent to them asking for urgent payments to secure their booking or risk losing their reservation. The money is then inadvertently paid into the hackers’ account.
Signs of a scam
Now you’re aware of the scam, how exactly can you spot it, especially if it looks so real? Here are some key signs that a communication from an online holiday company might be fraudulent:
Unexpected payment requests
If you receive a message asking for additional payment to secure your reservation, be wary. Legitimate hotels usually handle all payments through a genuine companies’ website or app, and any requests for direct payments should be treated with caution.
Urgency and threats
Scammers will often use scare tactics to pressure you into making a quick decision. Of course, real businesses don’t do this, so messages that threaten a sudden cancellation if you do not pay immediately are a common sign of a scam.
Suspicious links
This is an obvious one as nowadays, most people are aware that you need to be cautious when suspicious links arrive in your inbox, but a reminder never hurts! Scammers often use phishing links to trick you into entering your payment details on a fake website, so always be careful and avoid clicking links.
Poor grammar and spelling
Many scam messages contain noticeable errors in spelling and grammar. While not a definitive sign, it can be an indicator that the message is not from a legitimate source. Unfortunately, AI (Artificial Intelligence) programmes like ChatGPT are making it easier for scammers to write convincing messages so don’t just assume because it doesn’t have errors that it’s real either.
Unusual contact methods
If the message asks you to communicate or pay through unconventional methods outside of the genuine website or app, it's almost one hundred percent a scam.
Preventive measures
So, now you understand the scam and know what signs to look for, the next question on the tip of your tongue is undoubtably “how can I prevent it happening to me?”. Taking proactive steps to protect yourself can help you avoid falling victim to these scams, so here are some practical tips to keep in mind:
Verify booking details
Make sure that you always confirm your booking details directly through the company’s website or app. It’s best to avoid relying on information provided in emails or messages that seem suspicious.
Use official channels
Always communicate with hotels and booking agents through their official messaging system. Never use any of the alternative contact methods suggested in unsolicited messages, booking agents would never ask for this so it’s a key sign of a scam.
Check for HTTPS
When visiting any website linked in a message, ensure the URL begins with "https://" which indicates a secure connection. Be wary of websites that do not have this security feature, it’s a sign that it’s not secure and that data you enter may be stolen.
Update your software
We know it’s easier to just keep tapping those ‘update later’ buttons, but it’s really important that you keep your antivirus and anti-malware software up to date. This is one of the best ways to protect against malicious attacks that can put your email and personal information at risk.
What to do if you suspect a scam
Despite your best efforts, you might still encounter a suspicious message or even fall victim to a scam. Here’s what you should do if that happens:
Report the scam
Immediately report any suspicious messages to Action Fraud. They can then investigate the issue, confirm whether it’s a scam, and take action to prevent other users from being targeted.
Contact your bank
If you have made a payment through a fraudulent link, contact your bank or credit card company right away. They can help you to secure your accounts and possibly even recover your money, although this is not a guarantee.
Change your passwords
If you suspect your account has been compromised, change your passwords immediately and log out of all sessions. Use a strong, unique password for each of your online accounts, we’re talking capitals, special characters, and numbers. Try to avoid anything too obvious, for example, your pet’s or children’s names as you’ll likely have this all over your social media and it can be easy to guess. The National Cyber Security Centre recommends using three random words as your password, just don’t forget to also put in capital letters, symbols, and numbers.
Monitor your accounts
Make sure you keep an eye on your bank and credit card statements for any unusual activity or anything that you don’t recognise. Report any unauthorised transactions to your bank as soon as possible, the faster you report it, the more likely they’ll be able to help.
Final thoughts
Booking a holiday should be exciting and stress-free, and with these tips, it can be! Just remember to stay vigilant and if something seems suspicious, it probably is. Happy travels!
Need some extra help with your organisation’s cyber security? Contact us today to find out how we can help.