With a four out of five rating on travel platform TripAdvisor and 130 reviews, The CentrePoint in Chennai, India, looks like a promising budget hotel. But a red banner on its listing will give prospective customers pause.

It is one of about 350 businesses slapped with a penalty badge, the most severe penalty TripAdvisor metes out to fraudulent businesses listed on its website. This is one way it is fighting back against businesses that use fake reviews to boost their ratings.

Last month, it released its first Review Transparency Report, detailing how it weeds out fake reviews from the millions submitted to the website each year.

It was a timely move for the worldwide ratings and bookings platform, which came under fire last month from Which?, a British consumer organisation, for failing to stop fraudulent posts.

TripAdvisor acknowledged the problem of fake reviews, but said these occur far less frequently than charged. Last year, 1.39 million out of 66 million TripAdvisor review submissions, or 2.1 per cent, were found to be fake.

Eliminating fake reviews is a two-step process. First, an automated system screens reviews to detect suspicious electronic behaviour patterns, such as individuals who post reviews in quick succession or multiple reviewer accounts submitting content from the same device. The latter is often a sign of a paid review company at work.

TripAdvisor's senior director of trust and safety, Ms Becky Foley, says fraudulent reviews are automatically rejected, while human moderators follow up on those that require further investigation.

Despite these efforts, about one in four fake reviews made it onto TripAdvisor last year before being reported and removed.

Singapore businesses have been hit too. Over the past five years, home-grown walking tour firm Indie Singapore, ranked No. 1 out of 146 tours and activities in TripAdvisor's food and drink category, received about 15 fake negative reviews.

Indie Singapore founder Toh Thiam Wei says these fake reviews often include factual inaccuracies. A one-star review describing a Little India tour - which the firm did not run at that time - said the guides were late and forced guests to buy things. The firm's tours are run by one guide each and do not include any shopping stops.

Mr Toh reported the fake reviews to TripAdvisor, which takes about three days to remove them. But the damage was already done. "In Singapore, it can get quite competitive as the top few tours are all pretty good and, once your ranking falls, it is hard to recover," he says.

He has also received e-mails peddling fake reviews, which cost about $20 for one bad review or four good ones. He has never bought any and believes that doing so would be unethical.

But not everyone shares his ideals. A quick Google search throws up sites hawking fake reviews for as low as US$2 (S$2.73) each. Other sites are less blatant.

Ms Foley says: "Some companies hide behind terminology used by legitimate marketing firms - including phrases such as 'reputation management' or 'review collection' - in order to persuade unsuspecting clients that their service is both professional and legal."

More paid reviews originate from certain areas, such as Russia, India, Italy, France and the United States.

Cracking down on fraudsters, who multiply daily, can feel like a game of whack-a-mole, but TripAdvisor investigators are trying to make headway. The investigators track sites advertising fake reviews, pose as restaurant or hotel owners, and chat with the site administrators to find out the reviewer accounts they use.

Ms Foley says TripAdvisor blacklists these accounts, adding: "By identifying just one paid reviewer's account, our investigations can gather enough information to uncover a whole network of paid review activity."

Despite the efforts, all acknowledge it will be difficult to eradicate fake reviews entirely.

Mrs Angela Whiteford, chief marketing officer of e-commerce fraud prevention company Forter, says: "Fraudsters selling fake reviews are doing it as a full-time job. They build coalitions and are always coming up with new ways to beat the system."

She adds that companies should aggregate data on user behaviour to have a clearer picture of what fraudulent patterns look like.

Ms Foley is trying to find a way to do this. As TripAdvisor is just one corner of the Internet, she says the firm is open to working with other review platforms such as Google and Facebook to root out bad actors.

But these platforms have long been tight-lipped about their methods. Both Google and Facebook did not respond to specific queries from The Sunday Times.

A Google spokesman would only say: "We use automated and manual systems to detect spam and fraud, but tend not to share details behind our processes so as not to tip off spammers or others with bad intent."

Despite the bad eggs, many people continue to rely on TripAdvisor because the vast majority of reviews are authentic.

Assistant Professor Andrew Duffy from Nanyang Technological University's Wee Kim Wee School of Communication and Information, who wrote his 2013 PhD thesis on issues of trust and TripAdvisor, says: "Trip-Advisor is like the MRT. It has massive utility and to focus only on breakdowns misses the point of what the site does."

Some travellers, like Mr Keith Jonathan, 28, read about five to six reviews for each hotel on TripAdvisor, looking out for descriptions such as cleanliness and noise levels. The client service manager also reads reviews on booking sites such as Agoda or Trip.com.

He says: "I don't trust any site 100 per cent. It's important to cross-check for added security."

5 online travel scams to avoid

Many people go online to sniff out good deals on flights, accommodation and attractions. But a survey published in June by computer security software company McAfee, which polled 500 people in Singapore, showed that almost one in three (or 29 per cent) has encountered scams when booking trips online.

Here is how to make sure you snare a bargain without getting ensnared in online travel scams.

1. FAKE BOOKING SITE

When booking a hotel, make sure the site you are on is authentic before entering any personal or credit card details.

Fake hotel sites use pictures and logos of the actual hotel to resemble the original site. They are designed to be search engine-friendly and may even include the hotel name in the URL. You may be redirected to a fake booking site by clicking on a link in your e-mail or on a pop-up window.

How to avoid this: Access websites by typing the address into the search bar rather than clicking on a link. Make bookings only on encrypted sites with addresses starting with HTTPS rather than HTTP - the S stands for secure - as well as a lock icon in the address bar.

Encrypted sites prevent hackers from viewing or modifying the information you submit on an Internet browser, such as passwords and credit card information. Encryption is not foolproof, but it is one way to indicate a website's legitimacy.

2. BEWARE OF FREEBIES

Does a free hotel stay or free flight sound like a good deal? Not when it is in exchange for your login details. Often, airlines or hotels appear to dangle such freebies from their "official" social media accounts - all you have to do is click on a link and share the post with your friends.

But the link leads to a fraudulent phishing site where users must input their login and credit card details or are asked to change their password before they can claim the freebies. Scammers will then have access to these details and can use them to steal funds or make unauthorised purchases.

How to avoid this: The age-old adage applies - if something looks too good to be true, it probably is. Be wary of clicking on suspicious links.

It is helpful to have a credit or debit card secured by two-factor authentication, which requires you to confirm a purchase by providing an SMS code.

Some cards, like the newly launched multi-currency debit card from global fintech company Transferwise, allow users to confirm a purchase via in-app verification, which is useful when you are using an overseas SIM card and phone number.

3. FAKE E-VISA SITES

Search for online visas to India, Australia and the United States, and Google throws up many sites. But only one belongs to the official government agency of the country.

The others are third-party websites disguised to resemble official ones. Some tout lower rates than official sites, while others charge a mark-up for processing the same visa. Yet others do not deliver the visa or say it has been "denied".

Even if you receive the promised visa, the information you have provided, such as your name and address, is now in the hands of a private, and possibly fraudulent, company.

How to avoid this: Apply for travel documents only on websites run by the relevant government agencies. When in doubt, read the fine print at the bottom of the site or check the "About us" page. For instance, one non-official website hawking the United States ESTA states that "This website is owned and operated by sweet start-up ltd, a private company. We are not affiliated with any government or embassy".

4. FAKE FLIGHT CHECK-IN PAGE

Before your trip, you may receive an e-mail with a link to check in for your flight. The link takes you to an official-looking site where you are asked to enter your passenger name record or "log in" to your frequent flier account.

Hackers will then have access to your login credentials and can steal frequent flier miles. They can also change your seat and meals or even cancel your flight reservation.

How to avoid this: Posting about your travel plans on social media may make you a target. Consider restricting such posts only to close friends.

Be wary of such e-mails. If you receive one, call your airline to verify that your tickets are still valid.

5. LOYALTY PROGRAMME HACK

Fraudsters are also targeting rewards such as air miles or hotel loyalty points. But instead of trying to dupe you into revealing information, they brazenly steal it, logging into accounts with credentials that were either stolen or bought on the Dark Web - a part of the Internet accessed only with special software and hosts illicit services.

Hackers either redeem your points, transfer them to another account or sell them.

Last year, The Straits Times reported that stolen air miles from up to 15 loyalty programmes, including Singapore Airlines, Emirates and Delta, were being sold on the Dark Web for about US$884 (S$1,207) for 100,000 miles - about 40 per cent less than the actual value.

E-commerce fraud prevention firm Forter estimates that loyalty fraud rose by 89 per cent from last year to this year, partly because merchants put less emphasis on safeguarding loyalty programmes, compared with credit card transactions.

Forter's chief marketing officer Angela Whiteford says: "Points accrued in a customer's account are treated like digital goods - redemption is wholly conducted online and requires no stolen credit card information to execute. Fraudsters are thereby able to leverage these points as free funding sources and, given the minimal mitigation efforts by merchants, are able to consistently do damage without raising suspicions."

How to avoid this: Set strong, alpha-numeric passwords for your loyalty programme accounts and change them regularly.

Do not use the same password for multiple accounts as fraudsters often use bots to test the same set of stolen credentials across various sites.