
Booking holidays? Make sure you’re not falling for scams

Updated: Jun 24

With summer officially here, many of us are now planning to escape on our hols, whether that’s enjoying a ‘staycation’ here in the UK or travelling abroad. Regardless of where you’re going, it’s important that you make sure you’re booking with genuine holiday providers, and not giving your hard-earned cash away to scammers.


Unfortunately, scammers are constantly finding new ways to deceive travellers, highlighted recently in a scam relating to a popular online travel booking platform.


So, how can you protect yourself from fraudsters and ensure your holiday remains stress-free and enjoyable?

How the scam works 

In a recent case highlighted last year concerning customers, partner hotels were targeted to obtain details of customers using the online travel agency, who were then emailed and informed that they had 24 hours to make payments. 

During the initial phase of the attack, partner hotels used by an online travel agency are emailed by the hacker purporting to be a genuine customer. The email contains a malware attachment, which upon being opened allows the criminal access to details of all the hotel's customers using the online travel agency, as was the case in the incident, which utilised a malware called ‘Vidar Infostealer’. 

Having obtained the customers’ information, the second phase of the scam involves an email being sent to them asking for urgent payments to secure their booking or risk losing their reservation. The money is then inadvertently paid into the hackers’ account.

Signs of a scam 

Now you’re aware of the scam, how exactly can you spot it, especially if it looks so real? Here are some key signs that a communication from an online holiday company might be fraudulent: 


Unexpected payment requests 

If you receive a message asking for additional payment to secure your reservation, be wary. Legitimate hotels usually handle all payments through the genuine company’s website or app, and any requests for direct payments should be treated with caution.


Urgency and threats 

Scammers will often use scare tactics to pressure you into making a quick decision. Of course, real businesses don’t do this, so messages that threaten a sudden cancellation if you do not pay immediately are a common sign of a scam. 


Suspicious links 

This is an obvious one as nowadays, most people are aware that you need to be cautious when suspicious links arrive in your inbox, but a reminder never hurts! Scammers often use phishing links to trick you into entering your payment details on a fake website, so always be careful and avoid clicking links. 


Poor grammar and spelling 

Many scam messages contain noticeable errors in spelling and grammar. While not a definitive sign, it can be an indicator that the message is not from a legitimate source. Unfortunately, AI (Artificial Intelligence) programmes like ChatGPT are making it easier for scammers to write convincing messages so don’t just assume because it doesn’t have errors that it’s real either. 


Unusual contact methods 

If the message asks you to communicate or pay through unconventional methods outside of the genuine website or app, it's almost one hundred percent a scam. 


Preventive measures 

So, now you understand the scam and know what signs to look for, the next question on the tip of your tongue is undoubtedly “how can I prevent it happening to me?”. Taking proactive steps to protect yourself can help you avoid falling victim to these scams, so here are some practical tips to keep in mind:


Verify booking details 

Make sure that you always confirm your booking details directly through the company’s website or app. It’s best to avoid relying on information provided in emails or messages that seem suspicious. 


Use official channels 

Always communicate with hotels and booking agents through their official messaging system. Never use any of the alternative contact methods suggested in unsolicited messages; booking agents would never ask for this, so it’s a key sign of a scam.


Check for HTTPS 

When visiting any website linked in a message, ensure the URL begins with "https://", which indicates a secure connection. Be wary of websites that do not have this security feature; it’s a sign that the site is not secure and that data you enter may be stolen.


Update your software 

We know it’s easier to just keep tapping those ‘update later’ buttons, but it’s really important that you keep your antivirus and anti-malware software up to date. This is one of the best ways to protect against malicious attacks that can put your email and personal information at risk. 


What to do if you suspect a scam 

Despite your best efforts, you might still encounter a suspicious message or even fall victim to a scam. Here’s what you should do if that happens: 


Report the scam 

Immediately report any suspicious messages to Action Fraud. They can then investigate the issue, confirm whether it’s a scam, and take action to prevent other users from being targeted. 


Contact your bank 

If you have made a payment through a fraudulent link, contact your bank or credit card company right away. They can help you to secure your accounts and possibly even recover your money, although this is not a guarantee.  


Change your passwords 

If you suspect your account has been compromised, change your passwords immediately and log out of all sessions. Use a strong, unique password for each of your online accounts: we’re talking capitals, special characters, and numbers. Try to avoid anything too obvious, for example, your pet’s or children’s names, as you’ll likely have these all over your social media and they can be easy to guess. The National Cyber Security Centre recommends using three random words as your password; just don’t forget to also put in capital letters, symbols, and numbers.


Monitor your accounts 

Make sure you keep an eye on your bank and credit card statements for any unusual activity or anything that you don’t recognise. Report any unauthorised transactions to your bank as soon as possible; the faster you report it, the more likely they’ll be able to help.


Final thoughts 

Booking a holiday should be exciting and stress-free, and with these tips, it can be! Just remember to stay vigilant and if something seems suspicious, it probably is. Happy travels! 





The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.
