It is quite natural that we are concerned about things that may happen to us in an unfamiliar travel destination. We tend to be cautious and make preparations to protect our valuables. The real danger, however, may be in another direction. If you are making reservations for your next trip on the internet – and it is higly likely that you are – you really should be concerned about how you deal with online services that require payments. In 2025, artificial intelligence (AI) will take a major role in scams that are designed to rob travelers’ money while they are still relaxing at home.
Flight Center Canada conducted a survey that discovered that about a third of Canadiens (32% to be exact) have already fallen victim to a travel scam. If one third of travelers had been robbed during their earlier trips, people would be afraid to travel. Visiting new destinations wouldn’t simply be as popular as it is today. Since it is so convenient to make travel reservations online, that’s what we do. While we have adopted a new online method to book our trips, we haven’t adopted new methods to avoid online scams.
AI won’t be the only new tool criminals have to steal our travel money. Fake web pages and phishing messages, among other proven methods are already widely known, but still, they can be difficult to identify and avoid. Here are a few common scam methods, and above all, tips for protecting yourself from becoming a victim.
Scams facilitated by AI will target travelers with convincing scam messages and phone calls
AI has learnt natural language, making it easy even for non-sophisticated criminals to produce convincing phishing messages, or phone calls that tell travelers to do something they shouldn’t do. Chief Information Security Officer of Booking.com has seen AI coming: “Over the course of the last year and a half, throughout all industries, there’s been anywhere from a 500 to a 900% increase in attacks, in phishing in particular, across the globe”. It will be difficult for an average person to realize if they are real or fake.
Identify the source: the first thing to do when you have received a message that asks you to give up data or to pay for something is to identify the source of the message. If it is email, you have to look behind sender name. On a computer, hover the mouse pointer above the sender name, and you should be able to view the actual address. If it is possible to view the message source or header information, you can find plenty of data, including “From:” and other information, like the internet IP address of the sender.
Fake web pages appear exactly like the real ones
A tried and proven method criminals use to scam travelers is to build a web page that looks exactly like, for instance, a web page of a hotel reservation or car rental service. The fake web page is hosted by scammers, and payments are safely transferred to their bank accounts. The problem for people who are trying to book a holiday is that it is difficult to realize that the page is a fake.
Identify the security certificate of the page: at the top of the browser window where the web page address is displayed you can find a lock or similar icon. Click on the icon, and explore the information it contains. The web page address, page owner, and location data should be consistent with the service you expect to be using.
Nonexistent accommodation on a well-known online service
Even if you book your accommodation on a well-known online service, like Booking.com or Airbnb, it is possible that the apartment or villa doesn’t exist at all, or is owned by someone who has nothing to do with hosting travelers. Criminals create listings to booking services by copying the data and photos of existing accommodations, or by creating a nonexistent villa or apartment. Naturally, travelers assume that the listings on a well-known service are real, but that is not always the case.
Research before you book: search the internet for signs of problems in the accommodation you intend to book. If you already have booked, and receive an unexpected message from the host asking for payment, be careful. Inspect the message sender and the link provided for payment as instructed in the previous cases.
In any case, always be careful with clicking links that ask you to do something
The important thing with links is to verify that a link you are asked to follow really points to the destination where you want to go. Here is how to verify it.
On a computer, hover the mouse pointer over the link for viewing the address. On a phone, you may have to copy and paste the link into an another app, like a notes app where you can enter text. There is a side effect in this method because some legit web page addresses are temporary short links when included in messages. You may actually see a link that has been shortened from a full long address. So, if you decide to follow the link, and actually arrive in a web page, stop and identify the address before doing anything else. It is viewable at the top of the browser window. The full address maybe long, and again on a phone, you may want to copy-paste it into a text app for viewing it. There is only one thing you need to discover from the address. First, moving from left to right, find the first slash character in the address. Second, move to the left from the slash until you find the first dot. Move further left until you find the second dot. Between the second dot and the slash you have the true address of the page.
Since Booking.com and Airbnb are the big services that many travelers tend to use, they also attract the biggest number of cyber criminals. One way ot the other, most reported scams have something to do with Booking.com or Airbnb. In fact, Klaava travel guide team stopped using both of them years ago, and is booking directly with hotels, camping sites, car rentals, and other travel services.