VYPR
scam · Published Jun 4, 2026 · 1 source

Travel Scams Surge: Booking.com Impersonation and Fake Websites Target Holiday Planners

Cybercriminals are increasingly targeting travelers with sophisticated scams, including fake booking websites and phishing campaigns impersonating popular platforms like Booking.com, leading to a significant rise in reported incidents.

Travel booking, a process often filled with anticipation for a well-deserved vacation, has become a lucrative hunting ground for cybercriminals. The high-value nature of transactions, combined with the emotional decision-making involved in planning trips, creates a perfect storm for scams. Attackers exploit these factors by creating convincing fake booking websites, sending deceptive phishing messages about reservation issues, listing fraudulent vacation rentals, and offering "too good to be true" deals that lure unsuspecting travelers.

The travel and hospitality sector is a frequent target for data breaches due to its complex IT infrastructures and reliance on third-party integrations. These breaches often expose sensitive personal and financial information, including names, travel dates, contact details, and sometimes even passport numbers. This stolen data is then weaponized by attackers to make their scams appear more legitimate and personalized, increasing the likelihood of success.

One of the most prevalent tactics involves the creation of fake booking websites that meticulously clone legitimate airline, hotel, and travel agency sites. These fraudulent sites are often promoted through deceptive online advertisements or SEO poisoning, manipulating search engine results to appear at the top. Victims who enter their payment details on these fake sites receive fraudulent confirmations, only realizing the deception when their bookings fail to materialize.

Phishing messages, delivered via email, text, or in-app notifications, are another common vector. These messages typically claim there is a problem with an existing booking, urging the recipient to click a malicious link, open a dangerous attachment, or call a fraudulent support number. Scammers frequently impersonate well-known travel brands, leveraging data from previous breaches to craft convincing lures. Malwarebytes has observed a significant increase in Booking.com impersonation scams, particularly following a recent data breach that provided attackers with valuable information.

Vacation rental fraud is also on the rise. Scammers create fake listings or hijack legitimate ones on popular rental platforms, often encouraging communication and payments to occur off-platform to circumvent built-in security measures. This tactic allows them to pocket payments without providing any accommodation, leaving travelers stranded and out of pocket.

"Too good to be true" deals, such as deeply discounted flights or accommodations, are used to entice victims into paying for non-existent services. Scammers often employ urgency tactics, claiming limited-time offers will expire soon, to pressure individuals into making hasty decisions without proper verification.

Malwarebytes' Scam Guard data indicates a notable surge in Booking.com impersonation scams, with a 56% increase observed in the period following a disclosed April breach. These scams manifest in various forms, including fake cashback emails, requests for additional reservation fees via in-app messages, malicious PDF attachments disguised as secure viewers, and phishing websites demanding credit card verification via text messages.

To mitigate these risks, travelers are advised to use secure payment methods like credit cards, which offer better fraud protection than debit cards or bank transfers. Sticking to trusted booking platforms and avoiding sponsored search results is crucial. Verifying bookings through independent channels and treating requests to move communication or payment off-platform as suspicious are essential precautions. Recognizing red flags such as urgent language, unexpected attachments, and mismatched sender domains can help travelers avoid falling victim to these pervasive scams.

Synthesized by Vypr AI