Lucas Molefe, Cybersecurity Consultant, ESET Southern Africa.

An alarming post on X by Wendy Knowler, South Africa’s leading consumer journalist, has brought to light the constant and increasing risk of cybercrime in the context of travel planning. Knowler shared a cautionary tale involving a South African woman who fell victim to a sophisticated phishing scam while making travel arrangements:

“@wendyknowler
I’ve just received an email from a S. African woman who was caught by this.
The fraudulent email came amid a stream of genuine http://booking.com emails about her UK booking.
She lost >R18K.
@bookingcom sent her a warning email but it landed AFTER the scammers’ ones.”

You can’t let your guard down for a moment. The truth is that most cybersecurity breaches these days take the form of phishing-based social engineering. Why break through thick firewalls or try to hack complex passwords when you can simply get someone to hand you the keys to their data and money? Scammers only need to find one cybersecurity gap for your trip to become far more expensive than you’d anticipated.

There are numerous parties involved - banks, booking agents, online platforms, and airlines. Booking flights or accommodations online often involves entering personal information on multiple platforms, each with its own level of security. Each interaction creates a potential entry point for cybercriminals, who can exploit these vulnerabilities to access or steal crucial data. If even one of these platforms is compromised, your entire travel itinerary, including payment details, could be exposed to significant risk.

It doesn’t get much safer once you’re travelling. Accessing the internet while on the move - whether to check emails, manage bookings, or handle banking transactions - poses additional threats, especially if you’re using unsecured public Wi-Fi networks. Cybercriminals can easily intercept data or deploy phishing schemes to steal your credentials.

To help travellers protect their personal information, ESET has published a detailed guide on recognising and avoiding phishing scams outlining essential strategies to prevent phishing attacks.

How to Recognise Phishing

Phishing messages often mimic legitimate correspondence but can be identified through several telltale signs:

• Requests for Personal Information

Reputable organisations rarely ask for sensitive details via email.

• Poor Grammar

Spelling mistakes and awkward phrasing are common in phishing emails.

• Unexpected Contact

Unsolicited emails from banks or service providers should be treated with suspicion.

• Urgency or Irresistible Offers

Messages that push for immediate action or offer deals that seem too good to be true are often scams.

• Suspicious Domain Names

Be wary of emails from domains that don’t match the organisation’s official website.

How to Prevent Phishing:

• Think Before You Click

Avoid clicking on links or downloading attachments from suspicious messages. These could lead you to malicious websites or infect your device with malware.

• Stay Informed

Keep up with reports on new phishing techniques to avoid falling into the latest traps.

• Guard Your Personal Details

Always verify the message with the sender or the organisation it claims to represent, using contact details you know to be genuine.

• Monitor Your Accounts

Regularly check your online accounts for any unusual activity, even if you don’t suspect any foul play.

• Use Reliable Security Solutions

Implementing a trusted anti-phishing solution can add an extra layer of protection.

In the end, you are your own best multi-factor authenticator. If you have any doubt - or even if you don’t but are about to make a sizeable transfer - call or email a known, genuine contact at the organisation you’re trading with. Confirm that the details you’re using are legitimate and, whatever you do, do not click on links from unknown contacts.

As travel plans become increasingly digital, the need for cybersecurity grows more urgent. By staying vigilant and adopting safe online practices, travellers can significantly reduce the risk of falling victim to cybercrime and enjoy a safer, stress-free trip.

For more information and expert advice on cybersecurity, visit ESET’s phishing prevention page.