Airline and booking services scams intensify at the height of the holiday season

Vacation season is well and truly upon us, and travelers around the world are looking for interesting places to go, cheap places to stay and reasonably priced flights. And scammers are here to give them what they need — well, sort of. Kaspersky researchers have observed intensified scamming activities, with numerous phishing pages distributed under the guise of airline and booking services. To help travelers avoid scams, company researchers share some of the most widespread fraud schemes used to lure victims as well as helpful tips on how to plan a safe, scam-free, vacation.

Fake ticket aggregators

Most trips start with a plane or train ticket, and travel enthusiasts are often interested in getting their hands on a bargain. Kaspersky experts have seen numerous fake websites claiming to offer users the chance to buy airplane tickets at cheaper costs. Such websites are usually well-made phishing pages that mimic famous airline services and air ticket aggregators. Some of these websites even display the details of real flights, with experienced phishers sending search requests to flight aggregators and displaying the information received from them. However, instead of delivering on promised flight tickets they keep your money and use your personal information for malicious purposes (e.g. selling your bank details and identifying information on the dark web).

An example of a phishing page mimicking an airline service website

Fake lotteries for discounted tickets

There are also plenty of fake pages attempting to lure travelers with airplane ticket draws, lotteries and gift cards. Users are offered the opportunity to take a small survey and enter their personal details in exchange for a generous discount on a flight ticket. As with many other offers that seems to be too good to be true, such websites end up being phishing sites, collecting victims’ personal information and card details.

On top of this, the survey usually ends with a request to distribute the site among friends to receive the prize. In such cases, cybercriminals are using the victims themselves as a tool for spreading the scam further. A link sent by people you know seems more trustworthy than one received from a stranger. If the user then follows the link and tries to get their prize, they often find they need to pay a commission or fee first. After this money is paid, the cybercriminals disappear – without rewarding the user.

An example of a fake airline service offering a discount for completing a survey

Fake rentals

Another popular tactic used to scam travelers is fake rental services. One example includes the offer of a luxury two-bedroom apartment close to the center of a European capital for just €500 a month. Another seemingly appealing offer is for the rental of an entire four-bedroom house with a pool and fireplace for only €1,000 for the whole month. The reviews describe an amazing vacation and hospitable hosts. This encourages users to pay for their month-long stay, but in reality they end up sending their money to fraudsters.

An example of a phishing page offering a flat rental

“Planning a vacation is not easy. People can spend weeks, even months, looking for the perfect place to stay and the tickets to get them there. Fraudsters use this to lure users that have grown tired of searching for great deals. After two years of flight restrictions imposed by the pandemic, travelling is back. But so are travel scams – with intensified scamming activity targeting users through fake booking and rental services. Such attacks are totally preventable, which is why we urge users to be skeptical about overly generous offers. If an offer seems too good to be true, it probably is,” comments Mikhail Sytnik, security expert at Kaspersky.

To keep yourself protected while planning a vacation, Kaspersky experts recommend:

Carefully looking at the address bar before entering any sensitive information, such as your login details and password. If something is wrong with the URL (i.e. spelling, it doesn’t look like the original or it uses some special symbols instead of letters) don’t enter anything on the site. If in doubt, check the certificate of the site by clicking on the lock icon to the left of the URL.

Only booking your stay and tickets through the trusted websites of trusted providers. Ideally, type the address of their website manually in the address bar.

Not clicking on links that come from unknown sources (either through e-mails, messaging apps or social networks).

Visiting the business’ official website if you see a giveaway offered in e-mail or on social media by a travel company or an airline to confirm the giveaway exists. You should also carefully check the links the giveaway ad leads you to.

Using a good security solution that can protect you from spam emails and phishing attacks. We recommend Kaspersky Security Cloud.