Travel scams up 4x as pandemic recedes and travelers take flight

When the pandemic took hold around the globe back in the Spring of 2020, business and leisure travel pretty much froze overnight. Government restrictions on international travel, combined with local lockdowns, had large swaths of the global population staying put. This meant no air travel, no hotels, no rental cars, nothing, for the rest of 2020.

Fast forward to now, the Summer of 2021, and life is quite different for many countries. Here in the U.S., with multiple vaccines on hand and being administered, we’re seeing many restrictions being lifted, and the great travel freeze thawing out. We haven’t yet reached pre-pandemic travel levels but we’re way up from this time last year. According to TSA passenger throughput data, travel on 6/20/2021 (the first day of Summer), eclipsed the 2.1M mark. This is still below the 2019 mark of ~2.7M travelers, but up almost 4 times from this time last year (~590k).

As one would expect, the travel urge has resulted in surges of online activity as travelers once again open up their wallets to book flights and hotels, rent cars, and shop for travel deals. And none of this is lost on fraudsters and scammers who have come out in full force to capitalize on the opportunity. In fact, Bolster Research observed a 4x increase in travel-related scam activity in the first 6 months of 2021. (See Figure 1.)

Figure 1. Travel scams up more than 4x since start of 2021 (source: Bolster Research)

The research data shows a steady increase in travel scam activity through the first 4 months of 2021. This uptick tracks closely with vaccine rollouts as growing numbers of front-line workers, at-risk populations, and portions of the general population started receiving doses and the economy re-opened for people to start moving about. April into May reveals the biggest uptick, from a little over 3,000 scam sites to over 5,000 scam sites. This uptick also tracks closely to vaccine rollout data as vaccine availability rapidly went from over-75 populations, to over-50 populations, to anyone over 16, across all 50 states in that same time period. (See Figure 2.)

Figure 2. US COVID vaccination rate (source: Our World in Data)

Here are some sample findings of travel-related scam sites based on Bolster Research:

Leaving on a jet plane?

If you are, beware of the fake reservation site. Bolster Research found many of the major airlines are susceptible to fake sites, syphoning business from unassuming would-be customers. Take a look at this fake American Airlines site:

Figure 3. Fake American Airlines site

At first glance, this site might look legit. It even says ‘American Airlines Official Site’. But looking at the logo and web domain (americanarflights) reveals something quite suspicious.

Check out our CheckPhish Insights Page to see more about this site:
https://checkphish.ai/insights/url/1619941479835/92c2f44e5737edb843f44189c278edd60fe6cb31350fafa97b82e7c256ca01a8

And here’s one for United Airlines:

Figure 4. Fake United Airlines site

Again, looks pretty legit right? Logo is a match, and the content looks appropriate. But don’t open up your wallet quite yet, it’s a scam site. The results on the CheckPhish Insights page provides 3 major clues: 1.) The site is not using HTTPS protocol; all major brands must use HTTPS to ensure secure communication; 2.) A suspicious looking domain (‘united-airlines-bookings.us’); and 3.) It uses a lesser-known hosting provider (Wildcard UK Limited).

View CheckPhish Insights Page:
https://checkphish.ai/insights/url/1619522939975/58cb13a83a83be5d21fa5b62ae9979901dec5d5b2ba7addcf1ccc1720777d6cf

Delta Airlines is also target:

Figure 5. Delta Airlines scam site

Here again, looks legit right? Well kind of. The logo isn’t exactly right despite the site claiming to be official. Also 3 more clues from the CheckPhish Insights page: 1.) Site is not using HTTPS; 2.) There’s a suspicious hyphenated domain (‘deltaair-lines-reservation.com’); and 3.) It uses a lesser-known hosting provider (PDR) in use.

View CheckPhish Insights Page:
https://checkphish.ai/insights/url/1620929390331/8d128d27d996bacfcea69df815392455728c80fccc747e2d6e68455542ecf71f

Looking for a place to crash?

While airlines are definitely getting hit the hardest with scams, our research revealed an uptick in scams affecting rental car sites, hotel and accommodation sites, and general travel sites. Here’s a fake Airbnb login page for example:

Figure 6. Fake Airbnb login page

Login pages are particularly nefarious since there isn’t a lot of content needed to replicate it and the login form itself is simple. And here, an unsuspecting visitor could get easily fooled, especially given the top bar with logo and button functionality. But CheckPhish Insights tells a different story: 1.) The site is not using HTTPS; 2.) It has a suspicious domain (‘abnb-rooms-192912.online’); 3.) Past phishing activity was detected on both the host and the IP address.

View CheckPhish Insights page:
https://checkphish.ai/insights/url/1621917797187/b81848f7b4457611446a3d02c2d704eeafe2bf9a934082937e6d4ba03e568e14

Tips to stay safe:

It’s clear that while there may be vaccines to save humanity, there apparently is not one for online fraud, at least not yet. So here are some tips for consumers and businesses to stay safe:

Consumers: Always visit official reservation sites directly and avoid clicking on referral links to get there. When on a reservation site, verify the HTTPS protocol is instantiated and check the URL for anything obviously suspicious. Check the page itself for correct logo, spelling and formatting. And of course, when in doubt, scan the URL before clicking on it with a scanning tool like CheckPhish (www.checkphish.ai) to ensure the site is clean or to report abuse.

Travel industry businesses: If you’re in the travel industry, you have to know that there’s a good chance your business is a target. To be sure, run an audit against your domain portfolio to determine exposure and risk to typosquat instances that could be used to stage email scams or host fake sites. And if needed, Bolster can help with a free, no-obligation, Domain Risk Report. You can learn more about the elements of the Domain Risk Report in an earlier blog (Are You the Master of Your Domain?), and sign-up for your free report down below.

Businesses at large: There are a  few dynamics to note here. For starters, your employees are most likely looking to cash in on some of their long-overdue PTO balances. And this might mean they’re doing some planning on the company network with the company computer. No need to chastise unnecessarily, but notifications from the Security team to employees to be extra vigilant about such scams is a good measure. The other dynamic is the return to business travel. Depending on how it’s done in your company, individual employees may be booking their own business travel. They, too, need to be alerted to potential scam sites that could affect the company dime. And if your company has an in-house travel booker, it’s smart to notify them too!

In the end, always be vigilant, follow these steps, and enjoy your vacation!

Learn More:

Bolster Domain Risk Report:
https://bolster.ai/domain-risk-report?utm_source=blog&utm_medium=web&utm_campaign=domain-risk-report&utm_content=domain-risk-report

Bolster Phishing & Scam Protection Solution:
https://bolster.ai/solutions/phishing-scam-protection

Jeff Baher

Jeff Baher