Millions spent a larger chunk of the last 18 months stuck behind four walls and are eager to travel. As if it wasn't enough to worry about the spread of the Delta variant, smelling a quick profit, scammers flocked to cash in on dreams of a vacation.
With the rollout of a Covid vaccine, more people started traveling. Data from the US Transportation Security Administration (TSA) shows that the number of passengers was three times higher at the start of August, compared to the same period last year.
It shouldn't be a surprise that Bolster, a fraud prevention company, noticed that the number of scams sited, aimed at travelers, grew alongside vaccinations and passenger numbers. An analysis found that the number of travel scams increased four times in the first half of 2021, with over 5 thousand fake sites by late June.
We saw this house which was in hindsight maybe too good to be true. Then we were contacted that they would stop their contract at Booking.com and would only continue on Airbnb. And asked us if we would still be interested,Reddit user Parapampus.
Even though 2021 was awash with headline-catching ransomware attacks, casual scams still make up most of the attacks and hurt millions of people annually.
Data by the US Federal Trade Commission shows that consumers lost close to $78 million to various travel and vacation-related scams since the beginning of the pandemic, the highest amount among all fraud cases. And that number covers only reported cases. The actual total of those scammed is likely to be much more significant.
Usually, scammers send an ad with a lucrative offering in a spam email or use popular social media platforms. After clicking on an ad, an unsuspecting victim gets directed to a website that closely resembles the original. A flawed website address, visible in the web browser, should be a dead giveaway.
Among the most popular ways to defraud a holiday-goer is a phishing scam. Fraudsters imitate a well-known rentals platform like Airbnb or Booking. According to Will Hatton, CEO of Broke Backpacker, a travel blog and veteran traveler, scammers use similar tactics with various travel-related sites, like hotel platforms and airplane ticket vendors.
"More insidious versions of these scams can also steal your username and password. The best way to avoid them is to not fall for any freebie event which asks you to share a dicey link," Hatton told CyberNews.
Lost credentials can cause much trouble, like having your flat listed for rent or sale without your consent. Reddit user VenomousbutterfIy claimed to have a couple show up on her doorstep, thinking they've rented the place for several nights even though the Redditor never listed the site. Fraudsters likely used her house to convince victims to pay the perpetrators outside the platform.
Usually, however, scammers will try to convince the holiday-goer of an impossibly good deal, try to redirect outside a trusted platform, or send fake confirmation links. This type of scam involves an email that requires confirming a hotel or an airplane booking.
That, of course, can only be completed by giving scammers personal information. As with every case, the key trick is to convince the victim that the email comes from a legitimate vendor.
"This would be an official-looking website, where you, the traveler, would be asked to confirm your itinerary or even sign through your frequent flier account. Once you do this, you have opened yourself up to attack," Hatton explained.
Scammers also employ a tad of social engineering to convince the victim to fall for the con. One way is to use a legitimate vacation rental site for the listing to assure the victim that a transaction is nothing but legitimate.
For example, a Reddit user Parapampus told CyberNews of a scam while trying to book a place for ten people in Spain. He found a listing on Booking.com. The website was real, and the listing seemed to be real, too, albeit quite cheap.
"We saw this house which was in hindsight maybe too good to be true. Then we were contacted that they would stop their contract at Booking.com and would only continue on Airbnb. And asked us if we would still be interested," Parapampus explained.
A little bit of paranoia can be healthy to help keep you protected when online,Aaron Hatton.
Many users juggle between several vacation rental platforms and might not be inclined to trust one over the other. Thus, the Reddit user agreed to use a different platform and received a link to access the listing on what was supposed to look like an Airbnb website.
The site was sophisticated enough that Parapampus could reserve the listing and received a notification that the booking is 'confirmed' and he needs to pay for the reservation within 24 hours, or the supposed owner will cancel the reservation.
To further the deception, scammers send emails with suggestions for activities in the vicinity of the fake reservation.
However, Parapampus took note of the said Airbnb link scammers and noticed inconsistencies. Once confronted about the link, scammers deleted the fake listing and were nowhere to be seen. The Reddit user was moments from losing over $3 thousand.
On the lookout
The hard truth of the matter is that the best way not to fall for a travel scam or any other fraud is to always be on the lookout for suspicious emails, ads, or deals that look way too cheap. As the old adage goes – if it sounds too good to be true, it likely is.
According to Aaron Hatton, the head of cybersecurity at Research & Innovation, an IT consultancy, it's always wise to check who sent the email in the first place. Usually, phishing emails will come from an email address that is similar to the original but not exact.
There might be double spelling where there shouldn't, the letter 'o' might be swapped for a zero symbol. Hatton advises to look out for calls from travel agents, hotels, or airlines you didn't book anything with.
"It may be legitimate, but probably best to check it to be on the safe side. A little bit of paranoia can be healthy to help keep you protected when online," Hatton told CyberNews.
It's also advisable to check links within a said email thoroughly. However, Hatton advises avoiding clicking on a link since that can result in downloading a malicious program. It's enough to hover the mouse cursor over the link to see its preview.
If you're still in doubt, don't hesitate to contact your vendor's customer service support. The number or an email address for customer support should be taken from a legitimate page of a said vendor, as scammers will include fake customer support contacts in fake emails.
More from CyberNews:
Subscribe to our newsletter