As ConsumerAffairs reported recently, summer travel scams are on the rise. One of those on the hot list was the “HR vacation approval” ruse, but now we’re looking at several more in the whack-a-mole world of scams. Here's what's popped up on ConsumerAffairs' radar lately.
The airline compensation scam
Check Point Research (CPR) tells ConsumerAffairs that its researchers have been seeing phishing attempts dressed up as emails from airlines that supposedly have some money waiting for the email recipient.
The ones the researchers noticed came from TAP Airlines. TAP is a Portugal-based airline and scammers might not use it as the brand they phish with in America, but it’s the “compensation” angle the scammers are playing up that’s important.
The email subject line CPR observed was “Flight delay compensation EUR 135” (so 135 Euros), but in the U.S., a phishing email might try and mimic, say, Southwest Airlines and say “Flight delay compensation U.S. $135.”
Using an airline like Southwest or American, Delta, or United as the bait has a lot of potential, too. In Southwest’s situation alone, there were nearly 130 million people who fly that airline every year so even if hackers were able to successfully sucker one-tenth of 1% of those, that’s 130,000 innocent people who could get defrauded.
Your reservation has been canceled
All scams are bummers, but what can be worse than airline or booking accommodations only to find out that your reservation has been canceled? While there have been similar scams, the latest version has the scammer who booked the place -- the, uh, "reservation agent" -- following up to tell you that they can get you rebooked at another of the properties they represent. They'll even send you pictures of the place to regain your trust.
But, once they've got you on their side, they inform you that the property or the reservation company requires a deposit to book the room.
The fake front desk scam
Here's a new wrinkle: A scammer calls up a hotel at 3 a.m. and says, "Room 205, please." The person in the room answers the phone and in their groggy state, hears someone on the other end say that there's been a computer glitch and they need credit card information to re-input the guest's information into the hotel's system.
Many people wouldn't question the validity of the request but once you give the scammer your credit card information, they're going on a shopping spree while you go back to sleep. You can't say you haven't been warned.
How to protect yourself
As cybercrooks continue to get smarter and smarter, we as potential targets have to up our game, too. And these “summer travel” scams are just the tip of the iceberg.
CPR says that in May 2023 alone, a total of 29,880 new domains related to every holiday or break you can think of – Christmas, spring break, etc. – were created. This represents a 23% year-over-year increase compared with the same period last year.
CheckPoint’s analysts shared four things with ConsumerAffairs that we can all do that will pretty much keep us safe.
Authenticate, authenticate, authenticate. Rather than following a link sent through an email or text message, search for the retailer and locate the promotion directly on their website. Taking those extra steps will ensure you don't click on any fraudulent links, allowing you to make your purchase with confidence.
Be alert to similar domain names. Scammers tend to build out gotcha websites by riffing on the domain name of a legit one. They’ll use additional letters or a hyphen or slightly misspell the brand in a way that you might not catch – such as “Expedea” (it's really "Expedia") or using the number “1” instead of a lower-case “l” [L]. If you look for tell-tale signs such as those, you might save yourself a major headache.
Look for ‘too good to be true’ offers. Many phishing scams promise very attractive discounts on popular holiday packages. “If you receive an offer that does appear to be too good to pass up, don’t rush to buy it before it sells out. Chances are it is a scam,” the researchers warn. “Instead, check that the seller is authentic by checking other websites to see if they are offering similar discounts.”
Always look for the padlock. This one tends to get glossed over a lot, simply because we’re not trained to look for it, but if a website name begins with “https,” it means that it is compliant with international security standards, and that padlock icon is intended to verify that. If there’s no “s” after the “http” or no padlock, you should avoid that website and everything with it.
