Brits beware of holiday deals this summer: more than 2,500 airline and booking service scams reported in the UK
August 2022 by Brits
The holiday season is well and truly upon us, and travellers around the world are looking for interesting places to go, cheap places to stay and reasonably priced flights. And scammers are here to give them what they need — well, sort of.
Over the past few months, Kaspersky researchers have observed intensified scamming activities, with numerous phishing pages distributed under the guise of airline and booking services. According to Kaspersky data, the UK has ranked 3rd highest across Europe on both booking (2,527) and airline (49) scams. In March alone, Kaspersky researchers found a total of 1,504 phishing pages distributed under the guise of booking and rental services in the UK. Some of the most common holiday-themed techniques used by scammers during 2022 were:
Fake ticket aggregators
Most trips start with a plane or train ticket, and travel enthusiasts are often interested in getting their hands on a bargain. Kaspersky experts have seen numerous fake websites claiming to offer users the chance to buy airplane tickets at cheaper costs. Such websites are usually well-made phishing pages that mimic famous airline services and air ticket aggregators. Some of these websites even display the details of real flights, with experienced phishers sending search requests to flight aggregators and displaying the information received from them. However, instead of delivering on promised flight tickets they keep your money and use your personal information for malicious purposes (e.g. selling your bank details and identifying information on the dark web).
An example of a phishing page mimicking an airline service website Fake lotteries for discounted tickets
There were also plenty of fake pages attempting to lure travellers with airplane ticket draws, lotteries and gift cards. Users are offered the opportunity to take a small survey and enter their personal details in exchange for a generous discount on a flight ticket. As with many other offers that seems to be too good to be true, such websites end up being phishing sites, collecting victims’ personal information and card details.
On top of this, the survey usually ends with a request to distribute the site among friends to receive the prize. In such cases, cybercriminals are using the victims themselves as a tool for spreading the scam further. A link sent by people you know seems more trustworthy than one received from a stranger. If the user then follows the link and tries to get their prize, they often find they need to pay a commission or fee first. After this money is paid, the cybercriminals disappear – without rewarding the user.
An example of a fake airline service offering a discount for completing a survey Fake rentals
Another popular tactic used to scam travellers is fake rental services. One example includes the offer of a luxury two-bedroom apartment close to the center of a European capital for just €500 a month. Another seemingly appealing offer is for the rental of an entire four-bedroom house with a pool and fireplace for only €1,000 for the whole month. The reviews describe an amazing vacation and hospitable hosts. This encourages users to pay for their month-long stay, but in reality they end up sending their money to fraudsters.
An example of a phishing page offering a flat rental
“Planning a holiday is not easy. People can spend weeks, even months, looking for the perfect place to stay and the tickets to get them there. Fraudsters use this to lure users that have grown tired of searching for great deals. After two years of flight restrictions imposed by the pandemic, travelling is back. But so are travel scams – with intensified scamming activity targeting users through fake booking and rental services. Such attacks are totally preventable, which is why we urge users to be skeptical about overly generous offers. If an offer seems too good to be true, it probably is,” comments Mikhail Sytnik, security expert at Kaspersky.
To keep yourself protected while planning a vacation, Kaspersky experts recommend:
• Carefully looking at the address bar before entering any sensitive information, such as your login details and password. If something is wrong with the URL (i.e. spelling, it doesn’t look like the original or it uses some special symbols instead of letters) don’t enter anything on the site. If in doubt, check the certificate of the site by clicking on the lock icon to the left of the URL.
• Only booking your stay and tickets through the trusted websites of trusted providers. Ideally, type the address of their website manually in the address bar.
• Not clicking on links that come from unknown sources (either through e-mails, messaging apps or social networks).
• Visiting the business’ official website if you see a giveaway offered in e-mail or on social media by a travel company or an airline to confirm the giveaway exists. You should also carefully check the links the giveaway ad leads you to.
• Using a good security solution that can protect you from spam emails and phishing attacks. We recommend Kaspersky Security Cloud.