Digital fraud in airline and travel booking services on the rise

The holiday season is in full swing and travellers around the world are looking for interesting places to visit, cheap places to stay and reasonably priced flights. But scammers are equally on the ramparts, ready to seize the opportunity and offer travellers exactly what they are looking for.

This time of year traditionally marks the intensification of scam activities, with numerous phishing pages being distributed under the guise of airline and tourist booking services. To help travellers avoid such scams, Kaspersky researchers share some of the most common scam schemes used to lure victims, as well as useful tips on how to plan a safe holiday.

Fake ticketing websites

Most travel starts with a plane or train ticket, and travel enthusiasts are often interested in buying tickets at a bargain price. Kaspersky experts have identified many fake websites that claim to offer users the opportunity to buy airline tickets at a cheaper cost. Such sites are usually well-constructed phishing pages that mimic famous airline services and airline ticketing websites. Some of these sites even display the details of actual flights, with experienced phishers sending search requests to flight booking companies and displaying the information they receive from them. However, instead of delivering the promised airline tickets, they keep the money and use the personal data for malicious purposes (e.g. selling bank details and identifying details on the dark web).

Fake draws for discounted tickets

There are also many fake sites that try to lure travellers with airline ticket sweepstakes, raffles and gift cards. Users are offered the opportunity to participate in a short survey and enter their personal details in exchange for a generous discount on an airline ticket. As with many other offers that seem too good to be true, such sites end up being phishing sites, collecting personal and card details of the victims.

In addition, the survey usually ends with a request to send the website to friends to receive the prize. In such cases, cybercriminals use the victims themselves as a tool to further spread the scam. A link sent from people you know seems more credible than a link received from a stranger. If the user follows the link and tries to get their prize, they often find that they must first pay a commission or fee. Once this money is paid, the cybercriminals disappear - without rewarding the user.

Fake rentals

Another popular tactic used to defraud travelers is fake rental services. One example involves offering a luxury two-bedroom apartment near the centre of a European capital for as little as €500 per month. Another seemingly attractive offer is the rental of an entire four-bedroom house with a swimming pool and fireplace for only €1,000 for the entire month. Reviews describe amazing holidays and welcoming hosts. This encourages users to pay for a month's stay, but they actually end up sending their money to scammers.

Vassilis Vlachos, Kaspersky Channel Manager for Greece and Cyprus, said:

We are well into the summer season and everyone is rushing to make the necessary reservations. However, holiday planning is not easy. People can spend weeks, even months, looking for the perfect place to stay and the tickets to get them there. Scammers use this to lure users who are tired of looking for great deals, and we can see an intensive scam activity targeting users through fake booking and rental services. Such attacks are completely preventable, so we urge users to be wary of overly generous offers. If an offer seems too good to be true, it probably is.

To stay protected while planning your holiday, Kaspersky experts recommend:

• Carefully examine the address bar before entering any sensitive information, such as your login and password. If there is something wrong with the URL (e.g. spelling, it doesn't look like the original or uses some special symbols instead of letters) don't enter anything on the site. If in doubt, check the site's certificate by clicking on the lock icon to the left of the URL.
• Book accommodation and tickets only through trusted websites and reliable providers. Ideally, manually type their website address into the address bar.
• Do not click on links that come from unknown sources (whether through email, messaging apps or social networks).
• Visit the company's official website to see if a giveaway is being offered via email or social media by a travel or airline to confirm that the offer actually exists. You should also carefully check the links to which the gift advertisement takes you.
• Read reviews and do your research: Research the accommodations, airlines or travel agencies you plan to use.
• Read reviews from trusted sources to get an idea of other travelers' experiences and any potential red flags.
• Use a good security solution that can protect you from spam emails and phishing attacks. We recommend Kaspersky Security Cloud.