How to Spot a Travel Scam

When was the last time you booked a vacation with the help of a real person, whether it was a travel agent or a customer service representative? Assuming you have access to the Internet, it’s safe to say it probably wasn’t recently. Though booking sites and social media have made it easier than ever to plan and pay for travel online, our increased Internet use has also left us inherently vulnerable to phishing scams. Even if a cruise line or airline is offering a rock-bottom price that seems too good to be true, we’re often mesmerized by the allure of a discounted or even free vacation. Whether it’s a fake American Airlines Instagram account promising one free round-trip ticket to the first 5,000 followers or an unsecure wireless network in a hotel lobby, there are plenty of ways for the modern travel to be unknowingly duped.

To help you avoid falling victim to a travel scam, U.S. News identified some of the most common schemes to steer clear of, plus red flags to watch for when booking travel and while on vacation.

See: 5 Travel Rip-offs to Avoid

The fake vacation rental

According to a 2015 TripAdvisor survey, vacation rental stays are on the rise, with 59 percent of travelers swapping traditional lodging options for vacation rentals. Why are travelers so keen to ditch the hotel? Eighty-seven percent said they’re more likely to book a vacation rental thanks to the increased availability of online information, such as traveler reviews and photos. This is music to the ears of hackers who post fraudulent listings in the hopes of duping unsuspecting bookers. Several vacation rentals sites, including Airbnb, VRBO, HomeAway and TripAdvisor Vacation Rentals, offer protection against scammers. HomeAway, for example, provides HomeAway Payments, which means the site acts as a trusted mediator between the owner and the renter, much like Airbnb. In FlipKey’s case, owners undergo a background check and properties themselves go through an extensive verification process. But even with these safeguards in place, it’s still easy to book a fake property or even release your personal information to a savvy cyber crook.

Laurel Greatrix, head of public relations for TripAdvisor Vacation Rentals, advised calling the owner or manager to get more information about the property. You’re much more likely to fall victim to phishing via email than over the phone. Reviews from fellow travelers will also help you determine if a property is legitimate. When you’re speaking with the owner, ask if he or she can provide references so you can contact previous renters about their experiences.

Red flags: Changes in the email address you’ve been communicating with or requests to pay the full amount too early or via services like Western Union could be a sign of a fraudulent listing. Vacation rental websites offer a clear payment protocol, meaning you should be suspicious if an owner requests you deviate from the site’s rules.

Unsecured wireless networks

In our efforts to remain constantly connected, many of us are quick to log on to the strongest Wi-Fi network we can find. But open networks (networks that don’t require a WPA or WPA2 password), can leave us vulnerable. And just because a network is provided through a hotel, airport or business doesn’t necessarily mean you’re safe from having your personal information hacked. To be cautious, connect via a personal Wi-Fi hotspot set up through a wireless device like your smartphone. When browsing the Web or inputting personal information into a site, only use encrypted sites — websites that include “https” at the beginning of their address. That “s” stands for secure, and it means cyber thieves can’t hijack your information. According to the Federal Trade Commission, you can also download add-ons that require the browser to use encryption on sites that typically aren’t encrypted. Force-TLS and HTTPS-Everywhere are two add-ons recommended by the FTC.

Red flags: If you’re using an open wireless network, make sure it’s actually affiliated with the hotel or airport. Check with the front desk or a customer service agent at the airport to retrieve the correct Wi-Fi network, or ask if there’s a secure network with a password available. Hackers can set up fake wireless networks that may appear to be affiliated with the hotel or airport, but actually have subtle typos differentiating them from the authentic network. This can leave you even more vulnerable should you use a site that requires a password.

See: Ways to Avoid Apartment Rental Scams

Swindling street performers

Mostly encountered in Europe (though you may spot them in domestic tourist hot spots like Las Vegas, too), street performers and street scammers prey on travelers caught off guard. Popular cons like the “friendship bracelet” (where a person ties a bracelet onto your wrist, then demands payment for it) and the “found ring” (when someone approaches you saying you dropped a ring, puts it on your finger and then demands money) are just a few to watch for. But some of these tricks require little cunning, such as a person wearing an Elmo costume in Times Square who requests money after an unknowing tourist snaps a selfie with him or her.

Red flags: Beware of overly friendly people on the street or individuals who approach you offering directions. And don’t take photos with street performers. You may be asked to fork over some money if you do.

Fake social media accounts

Thanks to Facebook and Instagram, cyber crooks have found a new avenue to target consumers, and to the hacker’s benefit, these scams spread quickly. While fake Instagram accounts haven’t been as prevalent since Instagram started offering verified account badges, fake accounts promising free travel services still crop up. Though most only prompt you to follow the account or share the photo and tag the account, it’s still best to trust only the brand pages that have been verified. Fake Facebook pages, on the other hand, can cause a little more damage. If you see a travel offer that prompts you to link your Facebook account and install an application via the site’s Facebook Connect feature, you could be inadvertently supplying your personal information to hackers. At the very least, the application will post spam comments to a random selection of your Facebook friends.

Red flags: Before liking or sharing a post, confirm that the account is verified. Facebook, Instagram and Twitter offer verified accounts (easily identifiable by a small blue check mark next to the account name), making it easier for users to distinguish what’s real and what’s fake. And if all else fails, listen to your gut: If something sounds too good to be true, it probably is.

See: How to Stay Safe While Shopping Online

Ann Rivall is a Travel Editor at U.S. News. You can follow her on Twitter, circle her on Google+ or email her at