5-minute guide to protecting yourself from online holiday scams

With more of us using web channels to book our trips, the number of holiday scams continues to rise, meaning we must be vigilant when searching for a bargain break. Last year alone, UK holidaymakers were scammed out of £7m by fraudsters, with just over £2m of this lost to online holiday scams. Here's what you can do to stay safe.

How are scams set up?

Fraudsters set up copy-cat websites, using cyber or typosquatted domain names with the aim of lining their pockets. Typosquatting is a form of cybersquatting, which relies on mistakes such as typographical errors made by internet users when searching for a specific website address. It is also known as URL hijacking.

Seemingly credible websites offering all-inclusive services including flights, hotels, transfers and travel insurance can be set up using relatively rudimentary coding skills and an authentic looking domain name, making it a dangerous and commonplace occurrence.

Review websites

However, it's not just fake websites that consumers should be wary of. Trusted established websites such as TripAdvisor can also be plagued by bogus reviews recommending fake holiday companies or websites – there is only so much that review sites can do to verify all of the details. Exploiting the trust of consumers is a common trick of the online fraudsters, therefore consumers should always be vigilant about making a booking based on information they find on a reviewer website.

How to protect yourself

There are three simple steps that you can take to make sure cyber criminals don’t ruin your holiday:

  1. Shop around – if one particular website, that isn’t one of the big travel companies, is offering a deal much lower than the rest then think twice. If it looks too good to be true, it probably is!
  2. Unless you have 100% verified who you are dealing with do not pay for your holiday by bank transfer, Western Union or cash. Use your credit or debit card that at least offers a level of consumer protection. Never pay directly into an owner's bank account.
  3.  Only use websites that have a verified identity. If you are required to hand over personal details or credit card numbers unless you are in a website protected by SSL (look for a green browser bar or the padlock to left of the web address). Take 30 seconds to check the details of the domain name of the website at www.who.is – when was it registered? Recently could indicate an issue, whilst hidden details should also set alarm bells ringing. Report anything suspicious to Action Fraud, the national fraud and online crime reporting centre.