A city break to Vienna, booked through a well-known portal, paid for by credit card – everything seems perfect. But shortly before departure, the hotel allegedly contacts you via WhatsApp: the booking is not secure, and your credit card details must be reconfirmed ‘for security reasons’. The link in the message looks trustworthy, and the name, travel dates and booking number are correct – what could possibly go wrong?
‘More and more criminals are hacking into booking platforms, stealing real reservation data and using it to fake official communications,’ warns Christian Lueg, IT security expert at European manufacturer ESET. ‘The messages look professional, use personal salutations and specific details – many victims only notice the fraud once their account has already been debited.’ Hackers obtain this data either through large data leaks, targeted phishing attacks or broad-based malware campaigns.
Fake messages from hotels are becoming increasingly authentic
The scam is tricky: instead of conspicuous spam emails, the perpetrators rely on psychological pressure, credible wording and communication channels such as WhatsApp or text messages. They often claim that a technical problem is jeopardising the reservation and that the customer’s details need to be ‘verified’. Anyone who clicks on the link falls into the phishing trap.
‘This method is particularly insidious because it builds trust, uses personal salutations and incorporates real booking details,’ explains Christian Lueg, IT security expert at ESET. ‘Many victims only notice the fraud when their credit card is charged or blocked.’
These tips will help you avoid falling for the latest scams:
* Only communicate via official channels: If a hotel contacts you via WhatsApp, check carefully: Does the number actually belong to the hotel? The safest way to communicate is via the booking portal itself, where messages can be verified.
* Do not click on links in chats: Even if the sender appears to be legitimate, never click on links in messenger messages from unknown or unexpected sources. The risk of a phishing attempt is high.
* Never disclose credit card details for ‘verification’ purposes: Reputable providers never ask for full credit card details via messenger or email. If in doubt, check with the hotel or portal directly via official contact channels.
* Remain calm if pressured or threatened: Phrases such as ‘Your booking will be cancelled without verification’ are designed to cause stress and prompt a quick response. Such wording is a clear warning sign.
* Use a strong security solution: Good protection starts with technology: ESET Mobile Security, for example, protects against malware, blocks fraudulent sites and protects your data even when you are on the move.
Fake listings are also doing the rounds
In addition to phishing messages, cybercriminals also rely on fake holiday homes during the peak travel season. They offer dream accommodation at bargain prices – complete with photos, addresses and alleged seals of approval. The reality: the accommodation does not exist and the money is gone.
What travellers should look out for:
* Use reputable providers: When looking for holiday rentals online, check whether the website has a legal notice. A quick price comparison with similar accommodation in the region provides additional information on whether the offer is realistic.
* Double-check the address provided: A quick Google search will reveal whether the accommodation on offer actually exists.
* Look for seals of approval: If seals of approval such as TrustedShops are displayed on the website, simply click on them to expose a scam. If you are redirected to the website of the seal operator, which explicitly mentions the accommodation provider, the offer is legitimate.
* Use fake shop finders: Sites such as watchlist-internet.at (https://www.watchlist-internet.at/liste-urlaubsbuchung/) collect fake online shops and accommodation providers. They are easy to use: simply enter the provider’s homepage and the site will show you whether it is likely to be a fake provider or not.
‘If accommodation is very cheap and too good to be true, then in most cases it is,’ says Lueg. ‘Caution and common sense are the best protection – so that your holiday doesn’t end as soon as you book it.’
With a few simple precautions, holidaymakers can significantly increase their digital security. Cybercriminals often rely on travellers’ carelessness, especially when booking. If you are prepared, you can enjoy your holiday without any worries.
