Summer Vacation Scams: How to Protect Yourself

Summer has arrived, and so have the new scams around booking summer vacations. But fortunately, there are some easy ways to protect yourself against the rising tide of cyber threats targeting holidaymakers throughout your booking process.

In May 2024, Check Point Research (CPR) identified a significant increase in summer-related cyber scams, highlighting the need for travelers to be informed and proactive in protecting their personal information, according to OT.gr.

Notably, there was a remarkable increase in newly registered holiday-related domains compared to the same period last year. Of the 25,668 new domains registered, one in 33 was found to be either malicious or suspicious.

CPR has identified various malicious domains, including websites such as booking-secure928[.]com, hotel-housekeeper[.]com, and agodabooking[.]top.

The sites mimic well-known travel brands and are designed to deceive users into entering their login details, potentially leading to the theft of personal information.

Additionally, the time-old trick of phishing emails, masquerading as legitimate communications from trusted companies, are still making their rounds.

And example of a phishing campaign observed in May 2024 included an email with the subject “Booking.com Invoice 3255753442,” was sent from a deceptive email address “noreply@b00king[.]biz”, and contained a PDF attachment named “Invoice-3255753442.pdf,” which, when opened, redirected users to a malicious website.

How to Protect Yourself

Fortunately, there are some easy things you can do to protect yourself throughout the booking process, including the following actions.

• Verify Website Authenticity: Check for HTTPS in the URL and look for ‘trust indicators’ such as padlock symbols or site seals. Avoid entering your personal information on websites with suspicious URLs or spelling errors.
• Be Cautious with Emails: Even emails that appear to come from trusted sources should be approached with caution. Be wary of unexpected attachments or requests for personal information. When in doubt, contact the company directly using contact details from their official website instead of clicking links in the email.
• Stay Informed: Keep up-to-date with the latest cyber threats and scams by following reliable cybersecurity blogs, subscribing to security newsletters, and participating in online forums or communities where cybersecurity professionals share knowledge and tips.
• Use Comprehensive Security Software: Regularly scan your devices for threats using antivirus and anti-malware programs. Keep these programs updated with the latest definitions to ensure they can detect and prevent new forms of malware.