Warning: Four holiday booking scams to watch out for as £15 million a year lost to travel fraud
If you're booking your next holiday, watch out for fake deals, clone websites and bogus cancellations, as criminals are ramping up their efforts to trick holidaymakers out of their money this summer.
Figures from fraud reporting agency Action Fraud show that over £15 million was lost to holiday booking scams between April 2022 and April 2023 – a 41% increase on the previous year – with the summer months seeing the most scams reported.
Fraudsters use a variety of increasingly sophisticated techniques to con people – below, we've listed four of the most common holiday booking scams and how you can protect yourself from them. For more help avoiding scams, see our 30+ ways to stop scams guide.
1. Fake accommodation deals – if it sounds too good to be true, it probably is
- You're browsing social media when you come across a post offering a gorgeous luxury villa to rent – and due to a recent cancellation, it's 25% off. All you need to do to secure it is pay a deposit using a reputable money transfer service...
- You've found a listing for a charming cottage on a popular holiday booking website. It looks like the perfect home away from home – and it's much cheaper than other properties in the area. The host asks if you wouldn't mind paying them directly by bank transfer as it's cheaper for them that way – they'll even give you a discount...
- You're looking for a glamping break online but all the spots you've checked are fully booked for the summer. Then you come across an advert on social media showing last-minute availability. You click through and everything looks as expected, so you go ahead and book. You're reassured when a confirmation email pops into your inbox minutes later...
Sadly, these are all examples of accommodation scams – which are among the most common types of holiday fraud, according to travel industry body ABTA. Criminals set up convincing fake websites, hack into legitimate accounts and post scam ads on social media, all in an attempt to steal your cash. In the worst cases, you may turn up only to find the accommodation you booked isn't available – or doesn't exist.
How to protect yourself:
- Pay on plastic. If you're asked to make a bank transfer or use a currency transfer service, such as MoneyGram or Western Union, this is likely to be a scam – and you've very little protection if something goes wrong. In contrast, paying on a debit or credit card gives you chargeback or Section 75 protection.
- Check for feedback. Don't just rely on the firm's website. If the company is unfamiliar, search online for reviews and feedback.
- Scrutinise the company's contact details. Is there an address and a working phone number? Can you easily get through to customer services? Are they responsive? Is there an online chat? A lack of working contact details could indicate a scam.
2. Clone holiday booking websites – don't click links in emails and texts
Fraudsters can duplicate legitimate websites – sometimes down to the smallest detail. They can then use these to steal your money or harvest your personal information or payment details.
The following examples were shared by cyber security firm Trend Micro in a recent alert:
Fake Airbnb website
Fake Booking.com website
To be clear, these clone websites are fakes set up by criminals and have nothing to do with the legitimate Airbnb and Booking.com.
How to protect yourself:
- Check the website address. For example the official Airbnb website is www.airbnb.co.uk and the official Booking.com site is www.booking.com – but the fake Airbnb website above was at Airbnb[.]ld83528[.]ru, while the Booking.com fake was at SecurePropertyCheck[.]com (we've inserted square brackets into the URLs to try to prevent them from being picked up as working links).
- Don't click links in emails or texts. If in doubt, go directly to the website by typing in the website address yourself.
3. Bogus cancellation refunds – guard your personal details
Having a flight or hotel booking cancelled is stressful enough – and worse still, scammers can often jump on these moments as an opportunity to defraud you.
There are a number of ways this can happen, as highlighted by banking trade body UK Finance's Take Five To Stop Fraud campaign:
- Fraudulent emails that look like they're from the travel company. The emails may invite you to claim a refund but link to a fake website used to steal your personal and financial information. They may use official branding to try to convince you they're genuine.
- Spoofed calls from 'refund agents'. The caller may claim to be able to offer an instant refund if you give them your bank details. You may even be asked to make an upfront payment as an administration or handling fee.
- Fake customer service accounts on social media. Criminals can create fake social media accounts imitating those of real firms or organisations, claiming to be able to help with refunds or claims. But the real goal is to get you to share your details in a private message or through a fake website.
How to protect yourself:
- Don't let yourself be rushed or pressured. Scammers may try to create a false sense of urgency in their attempts to trick you – be cautious of this. If in doubt, don't proceed.
- Make sure you're dealing with the real firm before sharing ANY info. If unsure, stop and go directly to the firm's official website (don't click links in emails or texts) – look at the website address to make sure. You can then find its social media profiles and contact numbers.
4. Sham giveaways – beware unsolicited contact
Got an email, text, or WhatsApp message out of the blue offering an unmissable deal or giveaway? Be very careful – it could be a scam.
The exact form of this type of scam can vary a lot, as scammers will tailor their messaging around specific brands, holidays or events. Here's an example of a WhatsApp scam which did the rounds last summer, as reported by consumer group Which:
It's important to reiterate that the details can vary, from the nature of the fake promotion to the brand – for example, British Airways, EasyJet, Ryanair and others have also been targets.
How to protect yourself:
- Be extremely wary of ANY unsolicited contact. Even if it looks authentic and uses the right branding, it's likely to be a scam.
- Look closely at links and website addresses. In the above example, the link has been shortened to conceal the true destination – a telltale sign of a scam.
- Check the brand's official website. Is there any mention of the deal or discount? If not, it's likely to be a scam. If in doubt at all, contact the firm directly and ask.
Think you've been scammed? Here's what to do
Take the following steps:
- If you've already responded to a scam, end all communication immediately.
- Call your bank directly and cancel any recurring payments – or, for speed and ease, you can call the 159 hotline.
- Report the scam to the police through Action Fraud on 0300 123 2040, or report a scam anonymously on the Action Fraud website. If you're in Scotland, report a scam through Advice Direct Scotland on 0808 164 6000 or on the Advice Direct Scotland website. You can also report scams to Police Scotland on 101.
- If you need more help, contact the Citizens Advice helpline on 0808 223 1133 or via its website.
The National Cyber Security Centre (NCSC) sets out a number of different ways to report scams depending on the type:
- Emailed scams. If you get a dodgy looking email, you can report it to the NCSC by forwarding it to email@example.com. Remember not to click on any links within these emails.
- Text scams. If you get a suspicious text message, you can forward it to the number 7726 – this will allow your provider to track the origin of the text and arrange to block or ban the sender if it's a scam. You can also report scam text messages to firstname.lastname@example.org – remember to provide a screenshot of the text message.
- Website scams. If you notice a website or URL that doesn't look quite right, you can easily report the web page to the NCSC directly via its online form.
- Scam adverts, including ads on newspaper websites, paid-for search engine ads, or ads appearing on social media. These can currently be reported to the Advertising Standards Authority through its online form.