Forget pickpockets and lost luggage. The biggest risk for your next vacation is hiding online.
“Anyone can be a potential victim,” warns Seth Ruden, director of global advisory at BioCatch, a biometric company. “But frequent travelers are likely targets, as travel rewards, airline miles, and other stored payment details on travel accounts can be lucrative and easily monetizable.”
People are more concerned than ever about cybersecurity. In fact, a recent Travelers Insurance study found that 62% of respondents were concerned about online security, the highest in 11 years. (Travelers have asked business owners, but other surveys show their concerns are reflected more broadly. )
There are a range of cyber threats facing travelers, from phishing scams designed to steal personal information to fake travel websites and rental listings that leave victims stranded and financially drained. Check Point Research, a cybersecurity firm, says in 2024, says 1 in every 33 newly registered vacation-related domains were malicious or suspicious. This category included phishing sites imitating Booking.com, Kayak, and other popular travel platforms, according to the company.
“Threat actors now have the ability to identify and attack mobile devices, send malicious code to the device, access a device to track its location, turn on your device’s microphone, and intercept messages,” says Frank Harrison, regional director of security for the Americas at Global Travel Protection. “Adopting cybersecurity measures that mitigate threats is critical to protecting travelers and their data. “
Abhishek Karnik, McAfee’s head of risk studies, says there are two places travelers are vulnerable: when booking and when traveling.
“Travelers need to stay vigilant,” he says.
But how?
As technology continues to integrate deeper into our travel experiences, the risk of cyber-attacks while booking trips online or accessing unsecured networks in foreign countries is a real concern.
Peter Hamdy, Auckland general manager
“With my extensive experience in the industry, I can tell you that one of the biggest risks will likely be the evolution of the cybersecurity risk landscape,” he says.
Therefore, check your online hygiene, i. e. replace your passwords frequently, enable two-factor authentication, do not click on any phishing links, and never, ever give your password or access codes to a third party. You can also use an insurance app to stay safe.
A virtual personal network (VPN) can keep you safe, says Joe Cronin, CEO of International Citizens Insurance.
“Travelers are looking for free Wi-Fi, but many public networks they can connect to are not secure and put their personal data at risk,” he explains. “I suggest that travelers use a VPN to protect their phones or laptops when using public Wi-Fi. “
One of the most common social engineering threats during travel is the phishing scam. According to McAfee’s security expert Karnik, attackers could impersonate hotel staff, tour guides, or even fellow travelers to gain access to private data on their devices.
“Always verify the identity of individuals before sharing any sensitive information or handing over personal belongings,” he adds.
Phishing — sending emails mimicking a reputable company to induce you into giving up personal information — is becoming far more sophisticated.
“Travel is a prime opportunity for a spoofing campaign,” warns Rishika Desai, a threat researcher at predictive security firm BforeAI. “Many are looking for a deal during a time when prices are especially high. And cyber criminals are impersonating well-known, legitimate brands.”
The solution? Never click on an email or stay on a link from a source you don’t recognize. Always go directly to the company’s online page to review any offers.
Artificial intelligence has provided cybercriminals with the equipment they need to temporarily attack even the most savvy travelers.
“AI can create attractive websites, create more natural language, and even generate fake reviews,” says Cache Merrill, CEO of Zibtek, a software developer. “Everything is much more valid with AI-based technology, and other people are falling into the trap. “
Although AI makes it even more difficult to distinguish valid offers from scams, synthetic intelligence is not perfect. With a little practice, you can discern AI-generated text, photos, videos, and fake offers. Or you can simply take a shortcut : If an online deal turns out to be too smart to be true, it probably is.
Perhaps the most productive recommendation is to leave nothing to chance. Unfortunately, travelers are simply winging it, according to the latest research. According to a recent Opinium Research survey, only two in ten business travelers say they want to receive cybersecurity education.
“Do your research and make sure you have a plan in place for any potential problems that could arise,” says John Gobbels, chief operating officer of air medical transport and travel security program Medjet. “It’s always more stressful in the moment, and easier if you have systems or backup plans in place.”
There is also CybersecurityArray that protects travelers against unforeseen events. For example, BOXX Insurance and World Travel Protection recently introduced cybersecurity assistance for business travelers, which monitors for emerging virtual dangers and helps them anticipate and avoid potential threats and scams. This type of offer will soon be available to recreational travelers as well.
The golden rule of travel has always been to expect the unexpected. In 2025, that means anticipating and preparing for the growing threat of cybercrime. By doing that, you can ensure your adventures are defined by joyful discoveries — not digital disasters.
ᐧ
A community. Many voices. Create a free account to share your thoughts.
Our network aims to connect others through open and thoughtful conversations. We need our readers to share their perspectives and exchange ideas and facts in one space.
To do so, please comply with the posting regulations in our site’s terms of use. We summarize some of those key regulations below. In short, civilians.
Your message will be rejected if we notice that it appears to contain:
User accounts will be blocked if we become aware or if users are concerned about:
So how can you be a user?
Thank you for reading our Community Guidelines. Please read the full list of posting regulations discovered in our site’s Terms of Use.