Local National Weather Sports Shop Scripps
5  WX Alerts
News and HeadlinesWRTV Investigates

Actions

New lodging reservation scam can trick you into giving up credit card information

Email appears to come from your hotel or rental property
Basic graphic (11).png
WRTV
Basic graphic (11).png
Posted

INDIANAPOLIS— A new and emerging lodging reservation scam is making the rounds, just in time for the busy summer travel season.

Here’s how it works.

You receive an email from a hotel or rental property about your upcoming reservation.
The email has the property where you’re staying, your exact confirmation number, exact dates of travel and includes a link to click to confirm your details.

When you click on the link to confirm, a form pops up asking for your name, email, phone number, date of birth, and amount.

Kara Kenney with Indiana’s I-Team received one of these emails but did not enter any information.

Had Indiana’s I-Team continued on the form, another page would have asked for credit card information.

Kenney called the rental property which confirmed they did not send the email.

Indiana’s I-Team shared screenshots with the Identity Theft Resource Center.

“This is a new emerging scam type, and it's due to the fact that we're seeing infiltration, so data breaches of reservation systems,” said ITRC CEO Eva Velasquez.

Bad actors are compromising reservation systems at hotels and rental properties across the country.

PREVIOUS | 81-percent of small businesses have suffered a cyberattack

They gather information about your specific reservation and send you a phishing email.
“What makes this particular scam so convincing is the fact that they have so much valid information,” said Velasquez. “It looks so legitimate.”

But it’s not legitimate.

Reservation systems are on a different system than financial data and scammers know that, said Velasquez.

EVA.PNG
Eva Velasquez is the CEO at the Identity Theft Resource Center

“What they're after is additional information about you, it could be your financial information, such as a credit card number, payment information,” said Velasquez.

Indiana’s I-Team also shared the screenshots with McAfee, a global cybersecurity company.

They ran a scan which showed the website was a scam and “this link is on a list of known threats.”

Abhishek Karnik, McAfee’s Head of Threat Research and Response, said we can no longer just rely on our gut.

“They're definitely getting very specific, very targeted, right,” said Karnik. “It's advancing at a point where these are not just generic scams, they can be very targeted, very spear-fished is the word we use when they're targeting specific individuals, and so that can happen at a much higher rate, much faster, in an extremely automated manner at this point.”

McAfee and other cybersecurity companies are offering scam detection tools for your devices.

summer travel, highways

“The threat landscape and the threat surface that we are experiencing today, you know, is incomprehensible,” said Karnik.

If you’ve clicked on a link, you can run a scan to make sure you don’t have any viruses or malware.

The best way to protect yourself is to stop before you click on anything. Contact the property directly and ask if they sent you an email.

AARP TIPS TO PROTECT YOURSELF FROM TRAVEL SCAMS:

  • Determine if a website is real. You can look up a domain to confirm whether it’s legit using WhoIs.com; enter the site’s URL, and you’ll find out who owns it and where the owner resides. “When a site for Hyatt or Hertz is based in Nigeria, you know you’ve got a problem,” Weisman says. Also be suspicious if you don’t see a contact page or a physical address, phone number or email address on the site.
  • Don’t trust phone numbers. Scammers can impersonate phone numbers through caller ID spoofing. If you’re renting a car, for example, confirm that you’re dialing a real customer service department (and that you’re using a legitimate company website to find contact info) before you call or click to reserve your rental.
  • Do your homework. If you are planning to rent or use a travel booking agency, do some research before working with them. Search for the company’s name online, along with words like “scam,” “review,” or “complaint,” and see what pops up. Also check for complaints on the BBB website. “If you’re looking at a car rental company that you haven’t heard of, and it’s a great deal, be skeptical — especially if they tell you to act now because it’s such a great price,” Weisman says. Ask people you know and trust for referrals.
  • Be cautious of travel businesses that ask you to pay before confirming reservations. “Most reputable travel agents will confirm before payment,” says the Georgia Attorney General’s Consumer Protection Division. And stick with reputable companies.
  • Avoid using search terms like “cheap rental cars.” Words like “cheap” can draw a higher number of bogus companies among your search results. And sometimes phony companies can appear higher in search results than real companies, says Weisman. A scammer might purchase an ad for the phony website, for example, which places it near the top of the search.
  • Confirm who really owns a vacation rental. “Search online for the rental location’s address, together with the name of the property owner or rental company,” the FTC suggests. “If other ads come up for the same address but with a different owner or rental company name, that’s a sign of a scam.” When Weisman wanted to rent a place on Cape Cod, he went to the tax assessor’s website. “The name of the person who was supposedly renting it to me wasn’t the name of the owner,” he says. “That’s always a good indication that it’s not legitimate.”
  • Never pay for travel services or rentals with a gift card or by wiring money. Scammers want you to pay this way — or with cryptocurrency — because “once they’ve collected the money, it’s almost impossible to get it back,” the FTC states. It’s safest to pay with a credit card, which has more protections than even debit cards. The same is true with services like Zelle and Venmo, adds Weisman. “They should never be used for commercial transactions, because they lack the fraud protection of a credit card,” he says.
  • Be wary of Wi-Fi. Whether you’re at an airport or a coffee shop, connecting to public Wi-Fi can expose your personal information to hackers. Instead, connect to the internet via your smartphone’s hotspot or purchase a virtual private network (VPN), which encrypts your data.
  • Avoid third-party visa programs. Americans are required to obtain visas when visiting certain countries, such as India and Australia. Third-party websites often promise to provide visas quickly for a fee, but many are scams that seek not only cash but personal information for identity theft. Instead, go to the U.S. State Department Bureau of Consular Affairs website. You’ll find procedures and links for the countries you’re planning to visit.

What to do if you’ve been targeted in a travel scam

  • Report scams to local law enforcement and the FBI's Internet Crime Complaint Center (IC3.gov). Not every complaint leads to enforcement action, but the information can help officials spot trends and sometimes identify the criminals.
  • For support and guidance, call the free AARP Fraud Watch Network Helpline, 877-908-3360, to speak with trained specialists who can share information on what to do next and how to avoid future scams. The AARP Fraud Watch Network also offers online group support sessions.