Whoa, I’m going to Barbados

Every year holiday makers fall foul of fake websites offering great bargains and amazing dream destinations online…

Oh how we can all wish that we could follow the advice of Typically Tropical from their number one hit in 1975 and jet off to the Caribbean to escape one of the wettest summers on record.  But if you are one of the lucky ones who has the holiday booked and the cash saved then a word of warning for you.  Check that you have actually booked the holiday you think you have booked.

We are all familiar with the dangers of booking holidays based on “artist’s impressions”, and there are thousands of stories of people travelling abroad for their dream holiday only to find the villa next to a sewage farm, your hotel room above an all night drum and bass club, or the swimming pool shared with a family of water rodents.  However, at least in these cases you have actually made it onto a plane and into the sunshine.  There is a more worrying trend emerging as we conduct more and more of our lives online.

The rise in the number of fake holiday websites is a growing menace every day. Unfortunately, we are suckers for bargains and so it is hardly surprising that this is a growing industry.  This summer thousands of Britain’s will hand over their hard earned cash to fraudsters, thinking they are booking a break in the sunshine, whilst instead they are simply lining the pockets of cybercriminals in return for nothing but pain and disappointment.

The problem is that it is very easy to create an effective, professional and authentic looking website that can immediately start fooling the general public.  The criminals behind these fraudulent websites know how to seduce the general public with pictures of sandy beaches, concept pools and beautiful sunsets, and by adding copied images of ABTA and ATOL licences for authenticity within a few hours of work they have a perfect holiday booking website ready for business.  All they now need are customers with money to spend.

Whilst the Internet is the best invention known to man, able to answer questions such as “what is a flugelbinder?”, “who sang the theme tune to Dad’s Army?” and “what is Jenson Button’s favourite button?”, it is also a dark and dangerous place.  Our searching habits have changed in line with the advancement in accuracy of the Google search algorithm. The search giant aims to “provide the most accurate and relevant search results every time”.  The problem with that is if we do search for “Villas in Kos” we will get websites where villas in Kos appear high in keyword rankings.  All good so far, but this is how fraudsters can manipulate their websites to get in front of our eyes.

Various techniques such as keyword “stuffing” in websites, buying domain names with such keywords on the secondary market or simply cybersquatting brands owned by authentic firms means that we always have to be vigilant if we book holidays online. Verisign, the domain registry that runs .com and .net recently launched a tool that shows any domain names that are available to register and have existing natural type-in traffic (villaartedika.com anyone?).

So how can consumers protect themselves from falling foul to holiday website fraud?  Whilst it is relatively easy to fool some, it is equally as easy to expose the cybercriminals activities.  None of these websites stay around for long.  They are set up to exploit customers for a short period of time before disappearing off into the sunset. So check the registration of the domain name.  Does the description of the holiday firm match the WHOIS details?  Why has a long established firm just registered their domain name?  Also check to see if the domain name forwards to another site – if so check that one as well.

Any website worth its salt will have an SSL certificate in place if it wants to take payments online.  You can check the authenticity of any SSL certificate by clicking on the padlock or green part of the URL bar.  Whilst there have been some issues with fake SSL certificates being issued in the past, most veritable companies use certificates issued by Verisign (or their brands including Thwarte and GeoTrust) or Comodo.  Be warned of any websites that have “self-signed” certificates.  Google, in most cases, will warn any users trying to visit a website with a SSL certificate that appears problematic.

Another good tip is to visit the most visited holiday review site in the world, TripAdvisor.com.  Enter your holiday accommodation and read the reviews.  If the accommodation you are booking is genuine you would expect to see reviews over a period of time.  Be careful of hotels or villas where all of the reviews are overly positive and very recent.  It may also be prudent to contact the hotel direct and ask if they have heard of the website you are planning on using.  Finally, you can also check any ATOL numbers the website has with the CAA direct.

So five minutes worth of research can make the difference between having the holiday of a lifetime and a week of hell, dodging the rain in the amusement arcade in one of our tired British seaside resorts.

Here are our five top tips to avoid being stung this summer:

  1. Check the authenticity of a websites SSL certificate by clicking on the padlock or the green URL bar.  Make sure the owner is who they say they are.

  2. Go to the CAA website (caa.co.uk) and check the ATOL number and see if it matches who you are paying your money to.

  3. Visit TripAdvisor and explore the reviews for your hotel.  Be wary of ones where all the reviews are overly positive and very recent.

  4. Do a simple check on the domain name and look at when it was registered.  If it is recent be careful about parting with your cash.

  5. Remember to pack your mosquito spray – if your holiday is 100% genuine you don’t want it spoilt by a pesky little fly!


Written by Stuart Fuller, Director of Communications, NetNames

25 July 2012