Newest Online Travel Scams
When travel agents handled most planning, it was clear where to turn if something didn’t go as promised. “You could go back to someone and say, I had a bad trip and you steered me wrong,” says Christopher Elliott, consumer advocate and journalist.
These days, we take the independent route, organizing nearly every aspect of a trip across an Internet connection. But putting a vacation together piecemeal leaves accountability blurred when users are the victims of scams. And with each website used or travel start-up launched comes another potential access point for scammers.
“Social media is just another channel through which scammers can make their bogus pitches, like free Southwest tickets, with the added benefit, to the scammer, of greater trust,” says Stephen Cobb, security evangelist for ESET, citing a fake Southwest promotion that has appeared on Facebook as an example. With just a few clicks, people can follow, like, and share scams, pushing them out into their online circles with just a few clicks and in seconds—before having time to realize the offers are false.
A recent case in point: the appearance of a few fake Instagram accounts that managed to integrate the names of major airlines like American and JetBlue and offered free plane tickets to anyone who followed them. Even savvy travelers can find themselves swayed by such temptations. “People lose their minds when it comes to travel,” Elliott says. “They think they can get airline tickets for two cents or the free cruise.”
Misleading Pinterest surveys, unauthorized online ticket sellers, fraudulent owner accounts that offer vacation homes for rent, and fake plane ticket reservations sent over email are also among the latest techniques used by con artists. While the presentation of these travel scams continues to evolve, crafty phishers are still after the same things, says Michael Kaiser, executive director of the National Cyber Security Alliance. “The outcome the scammers are trying to achieve is to take money from you or collect personal information about you they can use in some way.”
Such scams can affect travelers and tourism industry professionals alike. Elliott, Kaiser, and Cobb suggest online users research thoroughly and act slowly, especially when prompted to plug in personal information, including when connecting a site with your Facebook account.
Keep in mind that these online offers, however alluring in the moment, can end up costing far more than what they would have saved. As the old saying goes, if it is too good to be true, it probably is—especially when it comes to free travel.
Pinterest Survey Scams
Photocentric social networking site Pinterest has exploded in popularity, and its big, beautiful images make it an inspiring tool for researching destinations or just daydreaming. Liam O. Murchu of Norton by Symantec warns that scammers have evolved their approaches to work across this platform, luring people in to click on intriguing photos. They then are led to complete surveys—in which they usually have to offer up personal information—with the empty promise of a free gift upon completion.
False Instagram Accounts Offer Free Plane Tickets
In fall 2012, a handful of Instagram accounts appeared that incorporated the names of reputable airlines such as American Airlines, JetBlue, Delta, and United and offered followers free plane tickets just for following. The claims were false, and though the accounts themselves were fairly simple and included only a few pictures, they racked up tens of thousands of followers before representatives from the official airlines realized their company names were being misused and discredited the accounts.
Aggressive Mobile App Advertisements
Scams are just as likely to occur on smartphones and tablets as on a laptop. Mobile applications, often used to make plans on the go, can include aggressive advertising or “madware” that can be seeking to phish sensitive information, says Marian Merritt, Internet safety advocate for Norton by Symantec. She advises protecting smartphones and tablets with mobile security tools.
Fake Vacation Rental Owners
Consumer advocate Christopher Elliott investigated a number of cases involving HomeAway, which also owns VRBO.com, in which hackers accessed vacation owners’ accounts with phished usernames and passwords and extorted money from unsuspecting bookers. The site has since taken some measures like issuing fraud alerts and posting warnings on its sites about phishing. To scope out the person on the other end of a transaction, try making contact by phone—and then pay by a traceable method like a credit card. Another rental site, Flipkey, has introduced measures to make bookings more secure: everyone who lists a property first goes through a background check; most users must now accept credit cards; and anyone who posts a review must have stayed at the respective rental property (a standard that its parent company, TripAdvisor, has yet to adopt).
Fake Travel Vouchers on Facebook
A promotion of free Southwest Airlines tickets periodically emerges on Facebook and spreads fast and far across the social media network. Similar fraudulent offers have appeared for JetBlue and Delta. In all cases, the link is a ruse that leads users to a site that looks identical to the official one—except that it prompts users to connect with their Facebook account and install an application. When users accept, the malicious application can harvest personal information. While many trustworthy applications leverage Facebook and encourage users to connect their accounts to interact, take the time to be sure an application is official before installing or connecting.
Fabricated TripAdvisor and Yelp Reviews
Aggregate review sites like TripAdvisor and Yelp are the first point of reference for many travelers. Since so many consumers and industry professionals rely on these sites, reviews have the potential to sabotage business owners’ reputations and to misguide. They can be penned anonymously or under a pseudonym, and controls to prevent or monitor the validity of reviews are more or less nonexistent (although site officials talk of algorithms and designated individuals to sleuth out false reviews). Look at the collective evaluation of a place, as opposed to zeroing in on one especially glowing or negative review, and hedge your bets by cross-checking reviews across both user-generated and editorial websites.
The Stranded Traveler Scam
People often take to Facebook, Twitter, and other social media to post about the dates and details of upcoming travel plans. Instances have occurred in which scam artists track this information and then, when that person is away, access the out-of-towner’s account to send out panicked messages requesting money to friends and connections—messages that sound more plausible than those Nigerian Prince spam emails. These scam artists are attempting to exploit the sense of trust social media can create. If you get an urgent cash request, it’s best to verify it with your friend first and through a different medium than where you received the message.
Unauthorized Ticket Sites
Unauthorized resellers or dealers will often grab official images and logos to give a sheen of credibility to a site used to sell tickets or stays. One red flag: you see a listed price that is significantly lower than the price being offered elsewhere. Even if it does seem to be in the appropriate range, potential buyers should check with the original company for a list of authorized resellers or dealers, read the fine print, and research the reseller. Safeconcerts rates ticket sellers, while Tixabroad has a 100 percent money-back guarantee in case an international soccer match or concert booked through the site is canceled or there is an issue with the tickets.
The Case of US Airlines
One method scammers use is to borrow names, jargon, and logos from credible companies to create something that seems familiar at first glance, but actually is fabricated. That is the trick one “US Airlines” pulled when sending out messages offering free plane tickets. These free tickets served as an eye-catching front to get people roped into some sort of high-pressure travel club that was actually out to fleece those strong-armed into joining. “US Airlines” sounds generic and plausible, but no such company exists.
Fake Facebook Fan Pages
Some cybercrooks manage to create offers on Facebook that appear in users’ newsfeeds as fan pages, which they are invited to “like” in order to obtain the offer. Upon clicking, users are taken to a fake page that immediately grabs their personal information. Liam O. Murchu, manager of operations for security response at Norton by Symantec, says that in many cases even just liking or sharing can make someone vulnerable to a cyber attack.
Unsecure Wireless Networks
When you’re on the road, it’s tempting to latch onto whatever Wi-Fi is available. Before connecting to a wireless network, however, be sure to check the network’s security. Open wireless networks are risky, and even officially named networks belonging to airports, hotels, or business centers can leave transmitted data unprotected and open for others to grab. A safer way to connect is via a personal 3G or 4G hotspot set up through wireless providers—even if that means getting a roaming data plan before leaving home, or buying a SIM card once you touch down to use temporarily in an unlocked smartphone, or purchasing a personal Wi-Fi hotspot service or unit.
Dummy Wi-Fi Networks
Some hackers phish data by establishing a dummy Wi-Fi network that overlaps with that of a hotel or other business, so that it appears as an option for users attempting to connect. Information is then gleaned from those who connect and navigate on the network. Often these network names will differentiate slightly from the real one, perhaps incorporating a misspelling that can go unnoticed. Double-check the Wi-Fi information with your hotel’s staff, but keep in mind that even the property’s official wireless network also might be unsecure.
Skype has enabled us to make free phone and video calls around the world. But because of its widespread popularity, the service and its users have been subject to a number of scams over the past years. In one case, a pop-up message prompted users to download software, which ended up being capable of infiltrating users’ computers and stealing files. Spam instant messages also are commonly sent via Skype. Keeping computer security up to date can block a number of the scams, but when prompted to download or update, always pause to double-check (even with a quick online search).
Confirming False Plane Tickets
Consumer Reports recently documented a case in which people were receiving messages to click and “confirm” plane ticket reservations they had not actually made. These messages were appearing in emails with a related link, although they also can appear as “smishing,” over phone messaging services. When looking to access links—even if no reservations were made but curiosity wins out—type the URL directly into the browser rather than blindly clicking from the email.