|In a major security breach,
one of the world’s largest online travel agents (OTAs) has been
targeted by scammers and forced to refund thousands of dollars to
customers whose personal details have been stolen. About 10,000
consumers are affected.
The attack, involving Booking.com, the big OTA, is one of several
high-profile online booking and travel site security breaches or
scams in recent months involving OTAs, hotel loyalty programs and
online tour sales firms. Hilton HHonors and Viator are among
companies and programs to have fallen victim to hackers and cyber
Such attacks can undermine confidence in online booking. They also
make consumers keener to deal with flesh-and-blood travel agents,
people they can speak to, know and trust.
In the Booking.com case, guests booking hotel rooms unwittingly
forwarded money to criminals who had obtained customer details. The
crooks masqueraded as hotels, contacting customers online and using
various pretexts to demand prepayment (a scam known as “phishing”).
The scammers got most details right: reservation numbers, names of
guests and the correct logos. Customers fell for it, although a few
smelled a rat and didn’t pay.
Booking.com, based in the Netherlands, is one of the biggest online
travel agents, processing 700,000 room-night bookings in more than
200 countries each day, according to its website.
A company spokesman told the BBC that Booking.com had refunded
customers but refused to say how much money was involved. The BBC
quickly found one customer who had lost 1500 Canadian dollars (which
Booking.com refunded) in a single booking.
Chief security officer at Booking.com, Peter Kornelisse, estimated
about 10,000 people were affected. He told the BBC that Booking.com
was on top of the problem, which was essentially a battle against
organised crime. “We’ve made technical improvements in several
BBC’s Money Box financial program quoted Rik Ferguson from internet
security firm Trend Micro, who tested the Booking.com system by
registering as a fictitious hotel. Ferguson found he could access
the system with a log-in and password.
He says if these log-in details were obtained, customer security
would be compromised.
Booking.com insists it is not the victim of a data breach. It says
criminals are obtaining customer details by sending messages to
hotels to acquire guest details.
As cyber criminals become more sophisticated, so do online frauds
In a separate development, millions of Hilton HHonors rewards points
are being stolen and sold online, traded in by scammers for gift
cards and goods, according to UK-based global online tech
publication The Register.
Apparently, points are being stolen through so-called “brute force”
attacks that crack PIN codes, the Register reports. It says scammers
on website forums apparently began trading Hilton HHonors points
three months ago. “One eager scammer appeared to sell off 833,000
points for $20 worth of Bitcoins,” the Register said.
As tech site Skift points out: “Points aren’t just scores, and miles
are more than distance travelled. Loyalty program credits are
currency, every bit as good as cash; they were travel’s Bitcoin long
before the e-currency was dreamt up.”
In September, Viator, the Australian-developed travel and tours
provider acquired by TripAdvisor in August, notified 1.4 million
customers of a data breach affecting its websites and mobile
offerings that may have compromised customers’ credit and debit card
numbers, email addresses, and other personal information.
Viator does not collect debit card PINs so these were not
compromised, the company stated. Viator learned of the breach when
its payment card service provider informed it about unauthorised
charges on a number of customers’ credit cards.
Commerce infrastructure company Cellpoint Mobile comments: “For the
travel industry, loyalty program-related fraud continues to be a
growing threat; one that has the potential to weaken both company
profit margins and customer trust.
“Schemes can come from a multitude of sources and in many different
forms; including employee theft or rewards manipulation, member
attempts to accrue rewards that do not belong to them, non-member
account breaches, or even criminals, like the HHonors scammers, who
hack accounts to steal rewards and sell them for their own profit.”
Written by Peter Needham November 2014
Booking through a travel
agent is a better bet than booking online if you wish to avoid
problems when arranging travel or while travelling.
Seven out of 10 Australians run into difficulties when travelling or
preparing to travel, a survey by consumer group Choice has revealed.
Over a quarter of those problems concern booking online – with
hidden fees topping the list of peeves. http://www.tourismlegal.com.au/
The Choice (consumer review magazine) research was based on
responses from a nationally representative sample of 1100 Australian
travellers aged 18–75 who had travelled for leisure domestically
(ever) and internationally (in the past 12 months).
Most commonly encountered travel problems were:
•Booking online (26%)
•Transport (taxis, buses, trains) (19%)
•Booking with a travel agent (18%)
•Mobile phones (17%)
•Car hire (14%)
For those who struck problems with booking online, 57% complained
about hidden fees. Nearly 30% also struck difficulty fixing mistakes
online and/or encountered technical website issues.
Booking with a travel agent caused problems for less than two out of
10 travellers, ranking it only as the fourth most common problem
travellers encountered. Of those with gripes who booked through
agents, 34% said they had difficulty fixing mistakes, 29% objected
to hidden fees. Another 19% said they didn’t get quite what they
paid for, such as preferred room types.
recently, in the Paris terrorist attacks
in November, travel agents contacted
affected clients to adjust travel
arrangements, keep them advised
regarding airline announcements,
insurance company advisory notices and
other details. Travellers who booked
online were caught unawares.
Likewise, during a sudden Lufthansa
strike in September, travel agents
working round the clock managed to get
their clients to their destinations with
little to no disruption. Travellers who
had booked with OTAs, or direct with
airlines, were left sitting at European
airports, stranded and disgruntled. The
same phenomenon has been noted during
weather-related, and volcano-related,
Choice reminded its readers that “the compulsory licensing scheme
for travel agents was abolished and replaced with a voluntary
accreditation scheme called ATAS on 1 July 2014. The voluntary
scheme provides some protections and recourse, such as full and
partial refunds, if you are wronged.”
Choice advises consumers to do their research and find a reputable
agent. “Agents with accreditation, such as ATAS accreditation, are
required to meet minimal professional standards family and friends
can also be a great source for recommendations.”
Of the 24% of respondents to the Choice survey who said they had
struck some sort of problem with their flight, about half (51% )
said flights were either delayed or cancelled.
Choice advices travellers to obtain travel insurance that covers
delays and cancellations. AFTA advises the same.