Beware of summer holiday scams!

Cyber Criminals rarely take time off – especially over the summer months. With a surge in travel and online activity, summer-themed scams are becoming more frequent and increasingly sophisticated. Many are designed to catch you off guard. Stay one step ahead by familiarising yourself with some of the most common scams below.

Fake CAPTCHA pages

A CAPTCHA test is designed to determine if an online user is really a human and not a bot. CAPTCHA stands for 'Completely Automated Public Turing test to tell Computers and Humans Apart'. 

Fake CAPTCHA pages can originate from compromised websites, documents, HTML attachments, or malicious URLs. The CAPTCHA asks you to "Click to verify you're not a robot" or alerts you that something went wrong, and you need to follow instruction to display the website correctly. After following these instructions, malicious software will attempt to silently install.

These often appear on:

• Fake download sites
• Lookalike Reddit or news pages
• Ads promoting 'free' holiday deals or software

You can find more info and examples of fake CAPTCHA here.

Airline phishing emails

Scammers impersonate popular airlines like Jet2 or British Airways. These often link to fake websites designed to steal your login details or payment information, and include topics like:

• "Your flight has been cancelled – rebook now."
• "Claim your travel refund."
• "Download your boarding pass."

Hotel and booking site spoofs

Texts and emails mimicking hotel sites such as booking.com or Airbnb, may say:

• "Problem with your reservation – confirm now."
• "Upgrade your stay – click to accept."

These are often loaded with malware or phishing links. 

Fake delivery notifications

Expecting a package before you go away? Watch out for:

• "Your delivery is delayed – track now."
• "Missed parcel notice – reschedule here."

Common brands used: Royal Mail, Evri, and DHL.

Bogus invoices or refund claims

You may get messages like:

• "Invoice attached for your holiday booking."
• "You’re eligible for a travel VAT refund – enter bank details."

Simple steps to stay secure

• Treat unexpected travel or refund emails with suspicion – go to the source (e.g. airline or hotel website) directly to contact them and query the communication.
• Investigate before acting – a google search of the comms you’ve received and adding ‘scam’ will often quickly clear up any doubts.
• Be wary of CAPTCHAs on unknown sites – don’t interact with CAPTCHA screens unless you trust the website 100%. If a page suddenly asks you to 'prove you’re human' with no context, close it. Do not follow instructions from CAPTCHAs that ask you to open the Windows terminal.
• Don’t reuse passwords – especially not for your email account. If it’s compromised once, hackers will try it elsewhere.
• Turn on Multi-Factor Authentication (MFA) – a stolen password alone won’t be enough to access your account.  Focus on high-risk accounts (e.g. email) as a minimum.
• Check your recent sign-in activity – especially before you leave for a break. It might surprise you how many login attempts are made.  Log out of unused / old devices.
• Review out-of-office replies – keep external replies vague. Don’t reveal where you are or when you’re back.   
• Never share one-time codes – even if a message or call seems legit. Always verify requests through another method.

Final thought

Cybercriminals love summer distractions. By staying vigilant and following a few basic precautions, you can enjoy your break knowing you are protected.

This article is for financial professionals only. Any information contained within is of a general nature and should not be construed as a form of personal recommendation or financial advice. Nor is the information to be considered an offer or solicitation to deal in any financial instrument or to engage in any investment service or activity.

Parmenion accepts no duty of care or liability for loss arising from any person acting, or refraining from acting, as a result of any information contained within this article. All investment carries risk. The value of investments, and the income from them, can go down as well as up and investors may get back less than they put in. Past performance is not a reliable indicator of future returns.