Cyberattackers are significantly innovating their tactics and targeting the travel and hospitality industries. Some recent examples:
It’s not just the hotels that are getting hit hard, either. The latest wave of hacking schemes is pouncing on travelers in unfortunate ways.
The number and availability of apps and online services for travelers grows every single day. Many travel apps offer promises of convenience and rewards for downloading and using them, but they unfortunately come with a darker side.
The latest round of cyberattacks represents a strong understanding of the hotel industry’s standard processes and typical customer interactions.
Hackers recently found a hole in Booking.com’s security, which allows them to use the hotel partner’s login credentials to enter Booking.com accounts and send urgent messages to travelers regarding their reservations.
Let’s take a look at why this is happening and how you can avoid hotel hacking scams.
The airline industry is pretty carefully regulated to protect passenger privacy, but that’s not true for the entire travel industry.
Online travel agencies often share personal data with multiple parties when booking. Travel companies have lots of personal information, including full names, driver’s license numbers, birth dates, travel dates, loyalty numbers, passport numbers, etc.
The travel industry’s digital systems were designed to increase profits, not to protect your personal information. Until there are real consequences for travel companies, it’s not going to change.
It’s not your fault, it’s not going to stop anytime soon, and you’re probably going to pay for it.
Here’s how to safely book a hotel room without getting scammed.
Booking services promise all kinds of things like better room prices and exclusive access, but there’s nothing they provide that the hotel doesn’t deliver.
Use booking services only for price comparisons and research, and book directly with the hotel instead.
If your hotel sends you an email asking for additional information, never click the links! Go to the secure website instead, or better yet, call and provide the info.
Most of the time you’ll find the hotel never needed any information at all! Usually, that email is a phishing scam.
If you receive a request for passport numbers from an email that looks like it came from a hotel you booked, don’t reply.
It may seem logical that a foreign hotel representative needs to see your passport, but that happens at check-in. Never share passwords or private data over email.
Don’t connect to public networks without a VPN, and keep close track of your devices and where they’re plugged in. Hackers have figured out how to infect public USB charging ports with malware.
If a hotel needed some information, it would have gathered it at booking time, so any ‘urgent’ requests are typically scams. Here are some examples:
If your credit card has been compromised, your bank will know – verify with them. If your hotel reservation is in jeopardy, the hotel will know – verify with them.
Don’t just delete the apps! It may sound easier, but that data could be stored with the app system.
Do this instead:
Damian Tysdal is the founder of CoverTrip, and is a licensed agent for travel insurance (MA 1883287). He believes travel insurance should be easier to understand, and started the first travel insurance blog in 2006.