Deals for travel packages are alluring to unsuspecting consumers, but they are often the work of fraudsters.
Scammers lure in travelers with the promise of inexpensive trips and discounts to attractions, but in return they are infecting people’s accounts with malware and stealing their personal information. Other cybercriminals are quick to take advantage of people focusing on enjoying their holiday and send phishing emails and texts to obtain data.
‘Too Good To Be True’ Vacation Deals
Cybercriminals are successful because they offer vacation packages that are “too good to be true,” Archie Agarwal, CEO at ThreatModeler, a Jersey City, New Jersey-based automated threat modeling provider, told TheStreet.
“This is through phishing where the adversary may send emails or even call the victim,” he said.
Campaigns around free hotel stays, deep discounts on travel or for local events at popular destinations aimed at gathering user information or credit card numbers are also common scams, Andrew Hay, COO at LARES Consulting, a Denver, Colorado-based information security consulting firm, told TheStreet.
The Federal Trade Commission received fraud reports from over 2.8 million consumers who lost $5.8 billion in 2021, an increase of over 70%. The most common fraud that was perpetuated were imposter scams, followed by online shopping scams. People also fell prey to prizes, sweepstakes and lotteries; internet services; and business and job opportunities that rounded out the top five fraud categories.
Vacationers need to be careful because of the proliferation of travel scams, Chris Hadnagy, CEO of Social-Engineer, an Orlando, Fla.-based social engineering and cybersecurity firm, told TheStreet.
As tourism season picks up, the use of malicious QR codes will also become bigger business for criminals, he said.
“These can be placed over parking meters, in restaurants and literally at any outdoor venue, Hadnagy said. “Criminals could also stick flyers on your car with some too-good-to-be-true offer and the person is enticed to scan the QR code to redeem it.”
Travel identity theft is a crime that most people aren’t aware of because they are sent a phishing text or email and are tricked into logging into their account. In turn, cybercriminals steal your airline miles, hotel points and other traveler rewards accounts in order to redeem your points or cash them out, he said.
“However, since a lot of people don’t think of these accounts as being valuable to anyone else, often the accounts have very poor password protection and are weak and reused,” Hadnagy said. “This makes it easy for a hacker to simply hijack the account by credential spraying with password dumps they can buy in the Dark Web.”
How to Avoid Hackers at Hotels, Amusement Parks and Museums
Before people embark on a trip, they should backup their devices so they can retrieve documents later, ensure all devices are encrypted and turn on the “lost device” recovery functions to track devices, Chris Pierson, CEO of BlackCloak, an Orlando, Fla.-based executive digital protection company, told TheStreet.
“The number one rule is to not use free WiFi connections, including hotel internet,” he said. “Use your phone as a hotspot by purchasing an international data plan.”
Avoid accessing websites that contain personal or financial information and make sure to end your sessions, Agarwal said.
A good idea is to use a virtual private network or VPN to tunnel your Internet traffic through, Hay said.
“One example is Google's VPN service which can tunnel traffic without the user needing to connect via a separate app all the time,” he said.
Public Wifi is always risky, even ones that look legitimate because a scammer could set up a fake network to trick you into connecting to their hotspot, Hadnagy said.
“The best advice is to avoid using public WiFi for anything important,” he said. “If you need to check your bank account, use your 5G signal to do it.”
Avoid using public Wifi or untrusted networks at the airport, museum, amusement park, restaurant or shopping areas because hackers are lurking.
“Do people need to see real-time updates on Instagram or TikTok or can they wait until you're back at the hotel?” Hay said.
Hackers Can Find You on a Plane, Train or Boat
A criminal can find victims anywhere since many airline networks are open and susceptible to data being intercepted, Hadnagy said. Hackers can use public networks and potentially share files using technologies like AirDrop that are available on iPhones.
“You should also shut down Bluetooth on your devices and things like Apple’s AirDrop – you do not want someone being able to drop a file on your device that may be malicious,” he said.
Losing Phones and Laptops
Losing your smartphone or a tablet during a vacation is stressful, but if you have the “find my phone” function turned on, you can ask a friend or family member to locate and lock your phone, Agarwal said.
Consumers can also adopt preventive security measures such as a passcode that is not common, using two-factor authentication for all apps that contain personal or financial information and disabling location on all apps while they are not in use, he said.
All devices now have the ability to encrypt stored data without an added cost, Hay said.
“In most cases, it's as simple as sliding a configuration button from disabled to enabled,” he said. “Nothing should be preventing you from encrypting your devices to protect them should they be lost or stolen.”
Before going on your trip, assume that all of your electronic devices are going to be lost or stolen, so make backups of important data, Aaron Turner, a vice president at Vectra, a San Jose, Calif.-based artificial intelligence cybersecurity company, told TheStreet.
“Plan for the worst,” he said. “Go to your mobile network provider and get an extra SIM card that you can activate in the event that your devices are stolen.”
Before you leave on a trip, especially if you are traveling internationally, make sure that all of your devices are updated with all security updates, especially for smartphones.
“Don't trust the 'install updates' screen on your phone to tell you if you're up-to-date,” Turner said. “Verify the version on your phone matches the latest version described online from a reliable source.”
Ridesharing Snafus
Since ridesharing is mainstream nowaday, beware of overzealous people who claim to be ride sharing drivers, he said. Some travelers will be approached by a random driver who claims to set people up with discounted fares, but instead “essentially” hold them hostage until money is paid via Venmo or CashApp.
Another fraud is when criminals use cellular jamming devices to prevent a tourist’s phone to stop communicating with Uber or Lyft.
“A ride sharing situation that I lived through firsthand in Miami was a driver who turned on the device, canceled his portion of the ride, then asked me to pay via Venmo instead of via the ride sharing app,” Turner said. “I was not in a position to question him and the price was the same for me, so I paid him after I got to the destination.”
Avoid ATMs
Using ATMs when traveling should be avoided, especially ones that are unattended at gas stations, said Turner, who has worked with the U.S. Secret Service researching card skimmers inside of ATMs.
“If you’re traveling internationally, think about establishing other methods to get cash than with your debit card in the event your card does get skimmed and you have to cancel it,” he said.
Tourists can avoid card skimmers by using ATMs instead of the bank building that have at least two surveillance cameras trained on them, never use a debit card to pay at unattended terminals such as parking gates or vending machines and use contactless payments to pay for everything, Turner added.
