One-in-three Canadians are vulnerable to fraud when booking vacations online, study finds

Robert Capps, VP of Mastercard's NuData Security says cyber fraud targeting consumers planning vacations online is a bigger threat now than ever. (Illustration from Getty Images)
Robert Capps, VP of Mastercard's NuData Security says cyber fraud targeting consumers planning vacations online is a bigger threat now than ever. (Illustration from Getty Images)

Computer security software firm McAfee recently released the results of a cyber fraud study in Canada and the picture it paints is not good for Canadians booking travel online.

McAfee’s survey of 1,000 Canadians found that one in eight respondents, or 13 per cent, had been scammed or nearly scammed while booking a vacation online.

Increasingly, cyber criminals are capitalizing on consumers’ carefree travel booking habits, particularly when it comes to popular summer vacation destinations in South and Central America and the U.S.

“Fraudsters follow the money,” said Robert Capps, vice-president of Mastercard’s NuData Security. “And whenever they can find a scheme that is profitable, they will target those markets.”

The top summer destinations hackers are targeting in Canadian markets via potentially malicious sites include:

1. Palm Springs, California

2. Male, Maldives

3. Belize City, Belize

4. Chicago, Illinois

5. Cancun, Mexico

Interestingly, McAfee’s study of cyber travel fraud in the U.S. named Canmore, B.C. as one of the top five summer destinations among American markets that hackers were targeting.

Capp said the risk of encountering fraud while booking a vacation online is higher than ever. Statistics Canada reports that incidents of cyber fraud in Canada more than doubled from 2014 to 2018, rising to 16,422 cases in 2018 from 7,332 four years earlier.

“I would say it’s the worst I’ve seen it,” Capps said. “Although, travel scams have always existed, going back to the time of classified ads in newspapers.”

In Canada, those most at risk of being targeted now are bargain hunters looking for a good deal online, with 33 per cent of vacation scam victims defrauded after spotting a deal that was too good to be true.

McAfee’s study reveals the high cost of risky bargain shopping behaviour, with approximately 30 per cent of travel-related scam victims reporting they lost between $1,000 and $3,000 as a result of the fraudulent activity. Meanwhile, 14 per cent of victims experienced identity theft after sharing their passport details with cybercriminals during the booking process.

According to the study, nearly one-third of Canadian consumers are exposing themselves to these risks when they book trips online because they do not check the authenticity of a website before booking.

This isn’t surprising, given that a majority of survey respondents, 78 per cent, shared that they worry about having their identity stolen during the research and booking process, but less than 25 per cent feel that they have the right security in place to prevent their identity from being stolen.

Cybercriminals take advantage of the high search volumes for accommodations and deals in popular destinations to drive unsuspecting users to potentially malicious websites that can be used to install malware, steal personal information and passwords.

The good news is, there are ways Canadians can guard themselves.

“While cybersecurity threats unfortunately exist during most stages of the booking and travel experience, consumers can take proactive steps to protect themselves,” McAfee’s chief consumer security evangelist Gary Davis said in a media release.

McAfee says consumers should only access verified websites when searching for travel options. Most web browsers will display a closed padlock icon to the left of the website's URL to signify that the website is safe.

Consumers should also look into using identity theft protection on their devices, and consider using a personal virtual private network (VPN) when conducting transactions over a public Wi-Fi connection.

Finally, McAfee recommends using trusted platforms and verified payment methods when confirming bookings in order to avoid phishing and cyber fraud.

For example, Capps suggests either booking flights or accommodations directly from a hotel or airline’s website, or using a trusted aggregator like Expedia, HomeAway or Kayak.

“Folks like Expedia and the rest do a good job of vetting the properties they allow on their website,” he said. “But there are startups that might not, so you’re a little less safe.”

Capps also suggests reading a hotel’s reviews before booking, to ensure you actually get what a hotel listing promises. Aside from reviews, Capps said using the tried and tested method of asking around can really pay off.

“If you have friends and family that have travelled to certain locations and have recommendations, ask them which properties to stay at,” he said.