Look out for the fake holidays

Watch out when booking a holiday online, these are the destinations cybercriminals are targeting most 

McAfee reveals the top destinations hackers are targeting to make a quick buck off holidaymakers

News highlights:

  • One in five Brits (21%) have been scammed or nearly scammed when booking a holiday online
  • 27% of holiday scam victims said they only realised the site or reservation method they used was fraudulent, when they turned up to their holiday rental to find the booking wasn’t actually valid
  • Over a quarter (27%) of people do not check the authenticity of a website before booking a holiday online
  •  Almost a quarter (23%) of holiday fraud victims have been scammed after spotting a great offer which turned out to be too good to be true 

McAfee have revealed how cybercriminals are capitalising on consumers’ risky holiday booking habits for their favourite destinations. The findings show summer holiday hot spots Spain, Cyprus, Portugal and the US generate the riskiest search results when people are on the hunt for holidays online. 

*The top holiday destinations for Brits that hackers are targeting via potentially malicious sites:

1.     Malaga, Spain

2.     Florida, US

3.     Peyia, Cyprus

4.     Lagos, Portugal

5.     Marbella, Spain

Taking advantage of the high search volumes for accommodation and deals in these popular destinations, cybercriminals drive unsuspecting users to potentially malicious websites that can be used to install malware, steal personal information and even capture passwords.

“Wham, bam, thank you scam…”

McAfee’s survey of 2,000 Brits shows the tactic is paying off for cybercriminals, with one in five (21%) people reporting they have been scammed or came very close to being scammed, when booking a holiday online. Half of holiday scam victims reported they lost between £1,000 and £3,000 as a result of the fraudulent activity, leaving savvy criminals to muse “wham, bam, thank you scam”!

Bargain-hunting Brits are most at risk, with almost a quarter of holiday fraud victims (23%) being scammed after spotting a great deal which turned out to be fake. In addition to planting malware-ridden search results, hackers send malicious links through text messages, emails and pop-up adverts.

With a third of Brits (31%) booking holidays through email promotions and pop-up ads, Raj Samani, Chief Scientist and McAfee fellowcomments:

“We strongly advise people to validate deals, holiday rentals and flights directly via trusted brands’ websites, instead of clicking on links and pop-ups offering bargains. Once they’ve validated its authenticity, all communication and payment should be conducted via that trusted platform to help keep personal and financial information out of hackers’ hands.”

Taking stock before you book

More than a quarter (27%) of Brits are leaving the door open to fraud because they do not check the authenticity of a website before making an online holiday booking. While almost a fifth (17%) said they forget to check the authenticity of holiday websites because they get carried away with the excitement of booking.

However, the excitement can quickly turn into a holiday horror, as more than a quarter of holiday scam victims (27%) said they only realised the site or reservation method they used was fraudulent, when they turned up to their holiday rental to find the booking wasn’t actually valid. Meanwhile, one in ten (12%) admitted they don’t know how to check if a site is trusted.

Keeping data safe at home and away

Despite over a third (38%) of people perceiving their personal information to be less secure when on holiday versus when they’re at home, almost half (45%) said they either do not check the security of their internet connection or they willingly connecting to an unsecured network, while away.

With two in five (43%) respondents spending more than an hour on connected devices per day during trips away, it is particularly concerning to discover network security is not being prioritised. This is further amplified by the finding that people are using devices for data-sensitive activity such as checking and sending e-mails (56%) and managing money through a banking app (32%).

Additionally, almost a third of Brits (29%) said they use work devices while on holiday, and 15% can’t resist looking at their work email. Despite work devices being connected to a wealth of personal and private data via corporate cloud, email and productivity services, the vast majority admitted they connect to public Wi-Fi in the airport (62%) and hotel (49%), potentially putting sensitive business information at risk. 

Raj Samani added: “Businesses are working hard to enable people to work collaboratively and flexibly through productivity tools and apps based in the cloud. While it’s their responsibility to ensure the appropriate security is in place, no matter where their employees are in the world, cybersecurity threats exist and proactive steps must be taken by those using work devices abroad to minimise the risk.”

McAfee’s tips for identifying authentic booking sites and safe surfing on holiday to prevent travellers becoming victims:

1.     Look for the tick before you click. Only click on websites that your security software has authorised as being safe. For example McAfee WebAdvisor will identify safe websites with a green tick and will block malware and phishing sites if you accidentally click on a malicious link from your search results.

2.     Make all payments via a trusted platform. Fraudsters may try to lure you away from a trusted platform with the temptation of discounted rates. Holidaymakers should keep all communications, bookings and payments on trusted platforms to help protect them from phishing and other fraud.

3.     Always connect with caution. If you have to conduct transactions on a public Wi-Fi connection use a virtual private network (VPN) to help keep your connection secure.