According to a study by the IT security company ESET, which was published in October, the scale of cyber attacks targeting accommodation platforms like "Booking.com" and "Airbnb" has significantly increased this year. Fraudsters, taking advantage of increased traveler activity during the summer season, have found new ways to scam money by exploiting user trust and advanced technologies. Lithuanian users should also be cautious when using these or similar platforms, as they are popular in the country, and fraud methods are becoming more sophisticated as well as harder to recognize.
Fraud tactics on accommodation platforms
One of the most common types of fraud is fake hotel or apartment listings, which contain links to counterfeit websites. On these seemingly reliable but illegally created websites, users are asked to enter their bank card or personal details required for booking accommodation.
As noted by Ramunas Liubertas, Senior Cybersecurity Engineer at "NOD Baltic" and ESET expert, often, people who have been deceived share this information on social media – some warn others, while others ask for help.
"Just recently, I had to help my relatives because they were scammed while booking an apartment near the Baltic Sea, in Liepaja, Latvia, which was done through 'Booking' – sharing his personal experience, the cybersecurity engineer says. – The fraudsters in this particular case acted very professionally: the owner of the vacation apartment posted a rental ad with pictures and a contact phone number on the 'Airbnb' platform, and the very next day, an identical ad appeared on the 'Booking' platform – it was uploaded by the fraudsters. However, the price on the other platform was lower, so my relatives hurried to book and make a payment, without thinking that something could go wrong. As soon as the fraudsters received the payment, they immediately removed the fake listing. When my relatives contacted the apartment owner for arrival details, she was surprised that the same ad appeared on another platform and refused to accept the family, claiming she hadn’t received any payment."
What you need to know before booking
Before purchasing accommodation services, cybersecurity engineer R. Liubertas emphasizes that users should always remain vigilant. Before making a booking, the cybersecurity expert advises checking when the specific listing was posted. If the ad was posted a few days ago, it could be from a new platform user, but if the listing was posted just a few hours or minutes ago, one should hesitate and try to verify that it is not a scam.
"Accommodation platforms are looking for ways to combat fraud and protect users, so if a complaint is filed or a suspicious account is detected, it should be removed, but this can take some time, and fraudsters are getting more clever in finding ways to bypass this," explains R. Liubertas.
It's also worth considering how many reviews the accommodation listings have, as a small number or a lack of reviews is often a sign of fraudsters' fake "offers." Remember, fraudsters creating fake listings may also write false reviews themselves to make the offer appear more reliable.
"People often fall into online fraud traps because of haste. As soon as the payment is made, the tension eases, and it seems like a good deal was snagged, but then the realization hits that something isn’t quite right. As soon as you suspect that you might have been scammed, immediately contact the platform's customer service and your bank. However, lost money is often not refunded, especially if the report is delayed. In my relatives' case, they managed to recover their money within a couple of weeks only because they contacted the platform on time and made the payment through the official accommodation platform," says R. Liubertas.
5 steps to protect yourself when booking accommodation
Cybersecurity engineer R. Liubertas outlines a few key actions users should take to protect their accounts on accommodation platforms:
- Use strong and unique passwords and change them regularly;
- Enable two-factor authentication (2FA);
- Check the listing’s posting time and the number of reviews;
- Never share payment details outside the platform;
- Report any suspicious activity to the official customer service.
"If a user uses the same password on multiple sites and hasn’t enabled two-factor authentication (2FA), if the password is leaked on one platform, it can be used on others. Most reservation platforms offer the 2FA feature for free, so it’s recommended to enable it," emphasizes R. Liubertas. "It’s also important to regularly change passwords, use unique passwords for each account, and store them in password management apps to avoid losing them."
As it is stated on the websites of "Airbnb" and "Booking", these accommodation service companies are looking for ways to reduce the risk of fraud and encourage users to report fake listings.