How not to fall victim to online scammers when booking a hotel online

The ingenuity of cyber fraudsters is truly enviable. Just as people stopped falling for catchy slogans like “earn a million in 3 days” or “transfer 50 dollars and they'll turn into 5000,” phishing enthusiasts devised a much more sophisticated way to “earn” money online.

Scammers fake popular flight and hotel booking websites.  This niche of gray business has become especially profitable on the eve of the holiday season. Many tourists now prefer independent travel over tour agency services, so they book tickets on Kupi.com and accommodation without intermediaries.

This situation plays right into the hands of criminals: they disguise their websites as well-known booking platforms like booking.com or hotels.com, offering hotel rooms at very attractive rates. Naturally, those eager for deals and discounts cannot miss the opportunity to stay in luxurious apartments for a ridiculous price and let their guard down. The scammers then take prepayment for the booking from “clients” and disappear without a trace, covering up the tracks of the duplicate website in the internet space. The scam scheme is extremely simple: people reserve a hotel, then a booking confirmation arrives in their email. In the letter, the fraudsters either ask for the credit card password or send a malicious program from the Trojan family instead of a receipt, which debits funds from the bank account after the CVV code is entered. Employees of G Data Security Labs noticed that the distribution of viral emails increased with the onset of spring. The situation is complicated by the fact that some fake websites do not have a Russian-language interface,  so users who do not know English often fall into the trap. To catch these unscrupulous dealers, the police first need to identify the provider and then find out who provides the hosting.  During this time, scammers manage to profit from inexperienced bargain hunters and close the site. Damage is inflicted not only on tourists' wallets but also on the reputation of hotels. Employees of online booking portals try to independently track websites that profit from their name. But even if a duplicate is found and neutralized, it costs nothing to resurrect the fake under a new name. No one is immune to such brazen piracy, but you can maximize your safety.

Safety Precautions!

• First and foremost, understand this: not all hotels require prepayment for a booking. Many send a voucher to your email, which tourists show at the reception and pay for their accommodation on the spot. If, after receiving the voucher, you are asked to transfer another sum, it is most likely an attempt to defraud you.

• Sometimes prepayment is indeed required, especially when booking apartments. In this case, the transaction is carried out directly on the resource itself. Reputable websites will never engage in email newsletters or ask users to follow external links.

• Carefully cross-reference the information on the voucher with the data you entered on the website (hotel name, check-in date, payer information). There may be discrepancies. In that case, you should contact the website staff and ask for a re-confirmation.

• Most websites use a corporate logo that is duplicated when transitioning to the payment page. If it's missing, you should be wary.

• No one has the right to demand your card's PIN code. This is private information, and any attempts to extract it indicate that you are dealing with a scammer.

• You can fake the appearance of a website, but not the domain name. It can be “mirrored” as much as possible, but differences will still remain. Even one letter will give it away. Therefore, pay full attention to the address bar!

• Sometimes small booking services cannot accept payment on their own site and do so on the pages of authorized providers. Accordingly, the domain in the address bar changes. There's nothing criminal about this, but if the provider is unfamiliar to you, “Google” can help you find out whether it's worth transferring money to the account or if it's better to refrain.

• If money has already been transferred to an account, you should immediately request payment confirmation.  It usually arrives within a few minutes, at the latest a couple of hours. It indicates the transfer amount and company details. The absence of an online statement is an alarming sign.

• Even better, enable SMS notification service, which will inform you about funds being debited from your account (it will cost no more than 60 rubles per month). The faster you learn about money being transferred to a fraudulent website, the higher the probability that the bank will cancel the transaction and block your card.

• And finally, the most important thing: remember how you found a particular booking system. Phishers often leave links on thematic forums or send out spam emails. If they do this, they gain something from it. It's worth considering.

Be vigilant, and scammers will pass you by, going in search of less discerning victims.