Travel season provides hackers with many opportunities to access personal, sensitive information through online scams. Hackers prey on unsuspecting victims looking for enticing travel deals by using bogus websites to steal credit card numbers and other personal information.
Whether you’re traveling for business or pleasure, be on the lookout for travel scams. The American Hotel and Lodging Association estimates that approximately 15 million online hotel reservations are made on bogus third-party sites every year.1 In fact, cybercriminals may pocket upwards of $1.3 billion in fake hotel reservations.2 Alarmingly, even “sponsored” websites that appear in Google searches can be fraudulent.3 Similar scams also extend to airline flights and rental cars.
To protect yourself from travel scams:
n Verify travel websites. Before you make a reservation, research the booking site. You can check that the web address begins with “HTTPS,” search for reviews and comments online, and verify legitimacy with the Better Business Bureau. Additionally, beware of look-alike websites — hackers may impersonate a well-known company to access your information.4
n Choose your payment method wisely. Use a credit card instead of a debit card when making a payment to avoid giving hackers access to bank information.5 Be suspicious of non-traditional collection methods, such as direct bank transfers or wire transfers.
n Confirm transparency. When making a reservation, you should see the cost breakdown, such as taxes and other fees.
n Check for trust marks and security seals. Verify that the booking site has a mark or seal that indicates it is secure (e.g., the “McAfee® Secure” and “PayPal Verified” symbols).6
When in doubt, call the company you want to book with to verify any information. As a reminder, for official Postal Service™ travel, book through Omega World Travel, accessed at wcp.getthere.net/govtomegaworld. If you suspect a scam while using a Postal Service device, report it to the CyberSecurity Operations Center (CSOC) at cybersafe@usps.gov.
For more information on cybersecurity best practices, visit the new public-facing CyberSafe at USPS™ website at uspscybersafe.com or the CyberSafe at USPS pages on Blue (blue.usps.gov/cyber/) and LiteBlue (liteblue.usps.gov/cyber/).
— Corporate Information Security Office,
Chief Information Security Officer
and Digital Solutions, 5-25-17