Ready, set, pack! Summer travel season is here and that means family road trips, beach vacations, international adventures and more. While summertime is prime time for getaways, did you know it’s also prime time for online fraud? Scammers are targeting the travel industry, putting millions of travelers at increased risk. Research shows that the travel and tourism sector ranked third in cyberattacks, with nearly 31% of hospitality organizations experiencing a data breach and a record 340 million people affected by cybercrimes. According to Mastercard, travel-related fraud in 2024 increased by 18% during the summer peak season and 28% in the winter peak season.
Why travelers are prime targets
Being in an unfamiliar environment can put your personal information at risk if you’re relying on public Wi-Fi networks, using shared devices, and carrying valuable personal and business data on mobile devices. Let’s be honest, when you go into “vacation mode” and start relaxing, it’s only natural that you might also start letting your guard down. Even the best trips can have stressful moments, and when you miss a flight or get lost in a new destination, it’s easy to become less vigilant about protecting your cybersecurity. This is especially true when you travel to foreign countries. In fact, 90% of international travelers admit to risky tech practices while abroad. Fewer than 1 in 3 travelers (31%) protect their data with a virtual private network (VPN) when traveling internationally.
What to know before you go
Believe it or not, the risks to your data security start long before your vacation begins. As soon as you start booking your trip, the cybercriminals start circling. Fraud rates in sectors associated with the early stages of trip planning increased more than 12% between 2023 and 2024. At a time when inflation and economic pressures are on the rise, people are looking for deep discounts, and scammers are seizing the opportunity to steal your private data and your money.
- Fake travel websites and rental listings: When you find a killer price on a luxury cruise, a European tour or an oceanfront Airbnb, take another look before you book! Scammers use phony offers, manipulated destination photos, and fake confirmation links to lure victims into “purchasing” great travel deals. Always double check and confirm you’re dealing with a legitimate website or listing before you hand over any credit card information.
- Phishing scams: Phishing scams that target travel-related platforms are on the rise. Cybercriminals pose as legitimate organizations and use fake emails, text messages and phone calls to lure you into giving up financial information. These messages often ask you to click on links that embed malicious software onto your device and steal your sensitive data. In 2024, the travel website booking.com reported a 500%-900% increase in travel-related phishing scams. This rise was attributed to the large number of scams using AI, making it easier for criminals to mimic trusted sources. If you get a suspicious message, call the company or go to their website and log in directly before clicking on any links.
- Loyalty fraud: Loyalty fraud, also known as points fraud, happens when scammers steal points or personal information from a loyalty program. The travel industry is especially vulnerable to this type of attack because so many travel-related companies, including travel agents, cruise lines, airlines and hotels, offer points programs for frequent travelers. Thieves often access loyalty accounts with credentials stolen in a data breach. Be sure to create strong passwords for your accounts and check your balances regularly.
Pre-trip security
Before you hit the road, help protect your digital data and devices with a few simple security practices.
- Alert your financial institutions: Only about half of travelers (52%) alert their financial institutions before traveling abroad, but it’s a powerful way to fight cybercrime. When banks and credit card companies know your travel plans, it’s much easier for them to flag any suspicious transactions.
- Turn off your Bluetooth: Bluetooth technology automatically creates wireless connections and can give cybercriminals the ability to see what apps and websites you’re logged into. Only 44% of travelers say they make sure to turn off their Bluetooth signal, but it’s a simple way to thwart hackers. It’s also a good idea to turn off device sharing features and update your passwords before a trip.
- Update your Wi-Fi setting: Joining unknown Wi-Fi networks is very risky and can open up your personal data to hackers. Since public Wi-Fi often has weak security, it’s important that your phone doesn’t connect to unsecured networks automatically. Make sure to go into your phone settings and disable auto-join for unknown Wi-Fi networks. It’s a simple way to add a layer of protection when you travel.
- Use “Find My Device” features: Enable the tracking features on your devices that can locate them if they’re lost or stolen – Find My device for iOS and Find Hub for Android.
Cybersecurity travel risks
- Rental cars: Did you know that the simple act of syncing your phone to your rental car’s infotainment system can expose your sensitive information to cybercrime? Your phone contains all kinds of information that hackers can use, including contacts, text messages, passwords and more. Infotainment systems store your information each time you connect, and it stays there unless you manually delete it. Security experts say while 57% of people sync their phones to rental cars, only half of them take steps to remove their information. Always remember to delete your profile and data from your rental car before returning it!
- Screen snoopers: Be cautious of screen snoopers (aka shoulder surfers) who try to see the activity on your laptop or phone in public places like planes, airports, and restaurants. To prevent hackers from stealing your passwords and other private information, use privacy screen protectors to shield your screens from prying eyes and always stay aware of your surroundings.
- Airport and hotel Wi-Fi: Always be wary of public Wi-Fi networks when you’re on the road. They’re often unprotected and can make it easy for cybercriminals to intercept your data. Poor Wi-Fi security at airports and hotels can allow hackers to swipe your credentials, lock you out of accounts, and even demand a ransom for your stolen data. To ensure safety while online on public WIFI, purchase a VPN for your devices, like Webroot’s Secure VPN.
- Fake hotspot attacks: Fraudsters often set up fake hotspots to steal your information. Sometimes they alter the name of a genuine hotspot slightly (Starbucks-Coffee instead of StarbucksCoffee) to trick you into connecting. Always double-check the full network name before logging on to a public hotspot. Also, check to see if the site is using encryption. Legitimate sites that begin with “https” protect your information and make it unreadable to hackers.
- Charging stations: Public charging stations are super convenient when you’re running low on battery, but they can also pose security risks. Cybercriminals can install malicious software on these stations to steal your device’s data, a tactic known as juice jacking. Always avoid plugging directly into public charging stations and play it safe by packing your own wall chargers, car chargers and external batteries when you travel.
- Business centers and airport Lounges: Business Centers and lounges typically provide desktop computers for simple tasks like checking emails or printing boarding passes. While convenient, these public computers may be risky, as attackers can plant malware or install hardware that records your keystrokes. When traveling, use your personal devices whenever possible.
Travel safety best practices
- Use Wi-Fi networks safely: Always connect using the public Wi-Fi setting, and do not enable auto-reconnect. Always confirm an HTTPS connection when browsing the internet. Avoid accessing websites that require you to supply personal data, such as social security numbers.
- Avoid financial sites: Refrain from checking your personal banking apps or financial information over public Wi-Fi.
- Use VPN protection: A VPN encrypts your internet connection, providing a secure channel for your data. Webroot Secure VPN gives you security and peace of mind by protecting your personal information when you’re on public Wi-Fi.
- Enable two-factor authentication: Use Two-factor Authentication (TFA) on your gadgets and electronic devices. Adding an extra layer of security to your accounts can prevent unauthorized access.
- Limit public posts about your location: Avoid sharing specific details about your location and travel plans on social media to prevent potential targeting by scammers.
- Check mobile device settings: Adjust the screen settings on your devices to allow for a shorter automatic sleep feature. Implement screen locks, biometric security, and privacy settings for location services.
- Bring portable chargers: Avoid using public charging stations by bringing your own power sources.
- Install comprehensive security software: Use antivirus solutions to safeguard you from online threats, including bank fraud and identity theft. Webroot Total Protection offers comprehensive security, including real-time threat detection and response, automatic updates, and cloud backup. Other features include Wi-Fi security monitoring, secure browsing, and password management.
No matter what your summer destination, make cybersecurity part of your travel plans. From securing your Wi-Fi connection and turning off Bluetooth to enabling two-factor authentication, small steps can make a big difference. Let Webroot keep all your digital data safe while you’re on the go. Then all you have to worry about is remembering to turn on your out-of-office reply!
Looking for more information?
Fighting Back Against Loyalty Fraud
