The dangers of holiday planning

May 14, 2018
Threats Tips

So, you’ve been working all year long and finally decided to go on a nice holiday, taking a couple of weeks away from home, office, and everything else? That’s great! Of course, you don’t want anything at all to go wrong with your hard-earned break. To avoid disappointments — or worse — down the road, exercise caution while planning your trip.

This post discusses phishing methods criminals use during vacation seasons to steal people’s money and personal data, as well as ways to avoid them while planning your trip.

Booking lodging safely

Appealing offers

How rested you feel after your vacation depends largely on the place you choose to stay. Of course, everyone wants to book something nice without breaking the bank. So, imagine seeing an ad offering you a luxury two-bedroom apartment close to the center of a European capital at €500 a month. Or how about an entire four-bedroom house with a pool and a fireplace in Prague for just €1,000 for the whole month? The reviews describe an amazing vacation and hospitable hosts. The only part of these listings that’s true is, they’re too good to be true.

Take a good look at the URL and you may discover that you are browsing a completely different site than you thought. Be careful — Airbnb.com and, say, Airbnb.com.rooms-long-term-rent.online are two completely different sites: The first one is legitimate; the other (or anything like it) is a phishing site masquerading as the real Airbnb. Anything on a fake page, from descriptions to glowing reviews, is fake, put there to lure in gullible travellers.

If you know nothing about the site offering this appealing vacation, look for online reviews on other, reputable sites. Should you find bad reviews of this site — or fail to find any — refrain from making a purchase no matter how great it sounds.

Your website accounts

If you already have an account with Airbnb, Booking.com, or other vacation rental site, you’ll likely try and book your stay with them. But, again, you must be careful not to lose access to your account. Take its security seriously. Come up with a complex password (Kaspersky Password Manager can help with that) and enable two-factor authentication if possible. Always check the URL of the login page and verify that the connection is secure. The screenshots below give you examples of how phishers could try and hack your account.

By the way, if you do not yet have an account, phishers may try to steal your information from other services by encouraging you to log in through a social network or e-mail. They will try to do this on phishing pages that closely resemble real websites popular among travellers.

Buying a plane ticket

Fake ticket-buying sites

As mentioned above, if an offer sounds too good to be true, it probably is. This also applies to cheap airfares. Are you attracted by low prices and the name of a well-known flight-booking service? Make sure it really is their site by checking the URL carefully.

Fake ticket sites may even display real ticket prices and flight details — some phishing websites send search requests to real flight aggregators and display information received from them. However, they won’t do the same with your money — instead, they will keep it and not book you a real ticket.

Fake free flights

This isn’t the first time we’ve reported about free plane ticket scams (or even the second). Let’s quickly review the scenario: You’re invited to participate in a survey and send it to your friends in exchange for free plane tickets, but instead, after the survey, you are directed to a phishing website. You give up your personal information and get nothing in return.

With phishing, knowledge is power. You simply need to know about this scam to avoid it or ones like it.

Fake airline sites

Finally, if you regularly use an airline and you have an account on its website, you should also protect that, just as you protect account information for hotel-reservation and other websites, using a strong password, ensuring a secure connection, and of course checking the site address.

Below are a couple of screenshots from phishing sites malefactors use to get their hands on users’ personal information. Pay attention to the address bar.

If you receive an e-mail that appears to be an interesting offer from an airline, it’s best not to click on that link but enter the Web address of the airline into the browser manually. That’s a good general practice for avoiding phishing attacks. Access to your account is valuable, enabling malefactors to gain access to all of your personal information. Give it up and you also risk losing any tickets you’ve already purchased.

Safe vacation planning

We’ve discussed the primary threats you face when planning a vacation. But fraud comes in many forms, as do ways to make off with your money. Here are a few bits of advice that can help you avoid falling prey to pretty much any malefactors when planning your vacation.

  • Be skeptical of tantalising offers.
  • Check to make sure your connection is secure before entering any personal information on a website.
  • Always check the address bar to make sure you are actually on the website you are supposed to be on.
  • Buy tickets and book hotel rooms either from the company directly or through a well-known ticketing or hotel site.
  • Do not participate in questionable giveaways.
  • Use strong passwords and two-factor authentication wherever possible.
  • Checking the address bar is a good idea, but it may be insufficient; some malefactors know how to fake addresses. So always use a protection solution.