Holiday scams and how to beat them

School’s out for the summer and the heatwave has hit! As we start to think about holidaying, many of us will turn to online travel agents (OTA) to book that last-minute deal. As OTAs have grown in popularity, so too has the opportunity for scammers to target a new breed of online consumers. We should all be aware of the wave of digital scams that will accompany this trend.

In 2018, more than 5,000 tourists fell victim to holiday scams, resulting in average losses of £1,380 and a total of £7 million, according to Action Fraud. And of course, it’s not just about the financial strain. The emotional distress travelers experience at the hands of fraudsters can be equally damaging.

From fake plane tickets to accommodation spoofs, online holiday booking has become both incredibly convenient and risky at the same time as fraudsters become increasingly sophisticated.

Let’s take a look at a few of the biggest scams and how to avoid them:

1. Watch out for fake websites

It won’t surprise you that over half of reported online holiday scams were down to fake airline ticket sales. ABTA’s 2018 report noted that 53% of tourists were lured into booking a flight on a fake website for a nonexistent flight.

If you stumble across a website that offers you too-good-to-be-true flights, there’s probably a reason, so do your due diligence and learn to spot these fake sites. They may be previously unknown domains such as ‘www.theflightdealofyourlife.com’, an OTA you probably haven’t heard of before, so check whether the site uses ‘https’ rather than ‘http’. HTTPS means the connection is encrypted; it does not by itself prove the site is genuine, so treat it as a minimum rather than a guarantee. If the site claims to be a more popular OTA such as Expedia and you’re not sure whether ‘www.expediaholidays.org’ is the real site, use your search engine to check.
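The check described above, as an added example that is not part of the original article: a host counts as a brand's site only if it is the brand's own domain or a subdomain of it, whatever the scheme. The allow-list (including `expedia.com`), the function name and the sample URLs in the test are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumed allow-list: brand name -> domain the brand operates.
# expedia.com is an assumption for this example; the article names only the brand.
OFFICIAL_DOMAINS = {"expedia": "expedia.com", "trailfinders": "trailfinders.com"}


def assess_booking_url(url, official=OFFICIAL_DOMAINS):
    """Return a list of warnings for a booking link; an empty list means no red flag."""
    # Accept bare hosts such as 'www.example.com' as well as full URLs.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    warnings = []

    # Plain http exposes anything typed into the page; https alone proves nothing.
    if parts.scheme == "http":
        warnings.append("plain-http")

    # The host belongs to a brand only if it equals the official domain
    # or ends with "." + that domain (a true subdomain).
    for domain in official.values():
        if host == domain or host.endswith("." + domain):
            return warnings

    # Not under any official domain: is a brand name embedded in the host?
    squeezed = host.replace("-", "")
    lookalikes = [brand for brand in official if brand in squeezed]
    if lookalikes:
        warnings.append("lookalike:" + lookalikes[0])
    else:
        warnings.append("unknown-domain")
    return warnings
```

The second and fourth cases in the test are the ones that matter: a valid `https` link is still flagged when the brand name sits in a domain the brand does not own.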

To avoid booking accommodation via a fake site, consider calling the owner or agent directly, and asking for the full address of the property to cross-reference with Google Maps.

Research, research, and research again – the key to online research lies in both the quality and quantity of the reviews. Look for the quality of images on the sites, and check if the companies are members of professional associations such as ABTA or ATOL. 

2. Beware the airport WiFi

With free WiFi pretty much a modern essential, it’s easy for tourists to connect when travelling, whether it’s at the airport, hotel or local cafe. But tourists need to look out for those unsecured networks that allow you to connect without a login and with no stated user terms. The problem with these networks is that your personal and private data can be easily exposed, so sharing bank details, financial information or any other sensitive data over them is incredibly risky.

If you really need to connect to unsecured WiFi networks, make sure you keep your browsing to very dull searches – don’t check work email, don’t bank online, don’t purchase anything using your credit card details! If you’re travelling and need to work, speak to your IT teams about VPNs and logging into corporate networks securely.

3. Double-check those deals

Let’s be honest, we all love a deal! However, as fraudsters increasingly look for new ways to con tourists out of money, we need to be extra cautious of those unsolicited emails that all too often seem perfectly legitimate but may in fact harbor scams.

Phishing emails are in abundance, especially in the financial services, retail and travel sectors, so be aware that hackers can easily impersonate a brand’s primary domain. You may click on a link in an email that says you’re visiting “www.trailfinders.com” assuming it’s a legitimate site, but that domain may well have been hijacked and then used to harvest your data. As a user, there’s not much you can do about this apart from avoiding these links.

Check the site’s authenticity and use trusted websites rather than clicking on links that take you through to competitions and last-minute deals or that redirect you to a new website altogether. 

We all work hard year-round and our holidays are there to enjoy stress-free with family and friends. But with so much fraud clouding our every day, it’s often hard to make that a reality. Yet, with a few simple steps, you can ensure you’re on your way to out-scamming the scammers before they’ve had a chance to make your holiday a washout.

If you work within the travel industry and want to ensure you’re protecting your customers from email scams being carried out in your name, then get in touch with the Red Sift team or check your DMARC status online, for free.


PUBLISHED BY

Red Sift

31 Jul. 2019
