5 online travel scams to avoid
Many people go online to sniff out good deals on flights, accommodation and attractions. But a survey published in June by computer security software company McAfee, which polled 500 people in Singapore, showed that almost one in three (or 29 per cent) has encountered scams when booking trips online.
Here is how to make sure you snare a bargain without getting ensnared in online travel scams.
1. FAKE BOOKING SITE
When booking a hotel, make sure the site you are on is authentic before entering any personal or credit card details.
Fake hotel sites use pictures and logos of the actual hotel to resemble the original site. They are designed to be search engine-friendly and may even include the hotel name in the URL. You may be redirected to a fake booking site by clicking on a link in your e-mail or on a pop-up window.
How to avoid this: Access websites by typing the address into the search bar rather than clicking on a link. Make bookings only on encrypted sites with addresses starting with HTTPS rather than HTTP - the S stands for secure - as well as a lock icon in the address bar.
Encrypted sites prevent hackers from viewing or modifying the information you submit on an Internet browser, such as passwords and credit card information. Encryption is not foolproof, but it is one way to indicate a website's legitimacy.
2. BEWARE OF FREEBIES
Does a free hotel stay or free flight sound like a good deal? Not when it is in exchange for your login details. Often, airlines or hotels appear to dangle such freebies from their "official" social media accounts - all you have to do is click on a link and share the post with your friends.
But the link leads to a fraudulent phishing site where users must input their login and credit card details or are asked to change their password before they can claim the freebies. Scammers will then have access to these details and can use them to steal funds or make unauthorised purchases.
How to avoid this: The age-old adage applies - if something looks too good to be true, it probably is. Be wary of clicking on suspicious links.
It is helpful to have a credit or debit card secured by two-factor authentication, which requires you to confirm a purchase by providing an SMS code.
Some cards, like the newly launched multi-currency debit card from global fintech company Transferwise, allow users to confirm a purchase via in-app verification, which is useful when you are using an overseas SIM card and phone number.
3. FAKE E-VISA SITES
Search for online visas to India, Australia and the United States, and Google throws up many sites. But only one belongs to the official government agency of the country.
The others are third-party websites disguised to resemble official ones. Some tout lower rates than official sites, while others charge a mark-up for processing the same visa. Yet others do not deliver the visa or say it has been "denied".
Even if you receive the promised visa, the information you have provided, such as your name and address, is now in the hands of a private, and possibly fraudulent, company.
How to avoid this: Apply for travel documents only on websites run by the relevant government agencies. When in doubt, read the fine print at the bottom of the site or check the "About us" page. For instance, one non-official website hawking the United States ESTA states that "This website is owned and operated by sweet start-up ltd, a private company. We are not affiliated with any government or embassy".
4. FAKE FLIGHT CHECK-IN PAGE
Before your trip, you may receive an e-mail with a link to check in for your flight. The link takes you to an official-looking site where you are asked to enter your passenger name record or "log in" to your frequent flier account.
Hackers will then have access to your login credentials and can steal frequent flier miles. They can also change your seat and meals or even cancel your flight reservation.
How to avoid this: Posting about your travel plans on social media may make you a target. Consider restricting such posts only to close friends.
Be wary of such e-mails. If you receive one, call your airline to verify that your tickets are still valid.
5. LOYALTY PROGRAMME HACK
Fraudsters are also targeting rewards such as air miles or hotel loyalty points. But instead of trying to dupe you into revealing information, they brazenly steal it, logging into accounts with credentials that were either stolen or bought on the Dark Web - a part of the Internet accessed only with special software and hosts illicit services.
Hackers either redeem your points, transfer them to another account or sell them.
Last year, The Straits Times reported that stolen air miles from up to 15 loyalty programmes, including Singapore Airlines, Emirates and Delta, were being sold on the Dark Web for about US$884 (S$1,207) for 100,000 miles - about 40 per cent less than the actual value.
E-commerce fraud prevention firm Forter estimates that loyalty fraud rose by 89 per cent from last year to this year, partly because merchants put less emphasis on safeguarding loyalty programmes, compared with credit card transactions.
Forter's chief marketing officer Angela Whiteford says: "Points accrued in a customer's account are treated like digital goods - redemption is wholly conducted online and requires no stolen credit card information to execute. Fraudsters are thereby able to leverage these points as free funding sources and, given the minimal mitigation efforts by merchants, are able to consistently do damage without raising suspicions."
How to avoid this: Set strong, alpha-numeric passwords for your loyalty programme accounts and change them regularly.
Do not use the same password for multiple accounts as fraudsters often use bots to test the same set of stolen credentials across various sites.