Stay safe online: Top tips for web bookings

The growth in online holiday bookings has led to an increase in holiday fraud as fake websites make it easier for fraudsters to operate. By following these tips, you can stay safe when booking online:

  • Check that the website address that appears in the top window is correct. Fraudsters can clone legitimate websites but will change the last part of the web address, such as from to .org. They can also produce a realistic-looking website, but with the spelling of the address slightly different from that of the authentic site
  • Take some time to do your research. A thorough online search will throw up reviews which can reveal more about the holiday or company
  • If the company you are using claims to be a member of a trade association then you should be able to easily verify membership on the trade association’s website, for example on
  • When entering your personal or payment details online, make sure the site you are booking on is secure by having a padlock in the address bar and address beginning https:// or shttp://.

Paying for your holiday: Follow the guide below to make sure you make secure payments that are also protected 

  • Where possible, book with a credit card (or a debit card that specifically offers protection) – your credit card company protects purchases between £100 and £30,000. Do note, however, that there may be a surcharge for some credit card payments.
  • You should never pay directly into an owner's bank account. Paying by direct bank transfer is like paying by cash – the money will not be traceable or refundable.
  • Booking with an ABTA Member means you are booking with a reputable company that is bound by a strict code of conduct. 
  • Don’t use a Money Transfer Agent such as Western Union or Moneygram – these are not intended for commercial payments and payments cannot be traced if you encounter a problem.
  • Check terms and conditions to confirm exactly what you are buying and don’t be afraid to ask questions. A legitimate company will be able to answer your queries straight away or get back to you with the answers you need.

Case study: Andrew - Hexham

Andrew made contact with a fraudster when booking a holiday rental via He was told to pay half of the cost of £770 into a Spanish bank account, as that’s where the villa owner was supposedly based, despite the villa being in France. After this had happened, the victim heard nothing back from the villa owner to confirm the booking. He then realised that the genuine owner of the rental knew nothing about the transaction, and the money had actually been taken by a fraudster. 

Case study: Sheree - Enfield

Sheree booked a holiday with, exchanging money with a man who was renting out his villa. However, as she was boarding the plane, she received an email saying there was fraudulent activity on the seller’s account and that she had in fact sent the money to the hacker, not the real holiday seller. The fraudster had hacked into the genuine renter’s account and intercepted the bank details so she had paid them the money instead. She lost £1,200.

Sheree therefore had to pay for a whole new villa as she was already on her way to the destination. Despite what had happened, the company would not help her find another property, and refused to refund her any of the money she lost. At this stage, she isn’t receiving any advice or guidance as to how to handle the situation, which is frustrating given she was the victim in this case. 

Case study: Peter - Hassocks, West Sussex

Peter had booked a holiday online before, and had a really great experience. So a few years later when he started looking for villas in Corfu, he was hoping for a similar experience.

When Peter was looking for villas, he found one in Corfu that looked great, and appeared on two different websites: one on and one on a holiday retreats website (which has since been taken down).

He applied for booking information on both sites for the same villa but went with the cheaper option. Once booked, he received confirmation email, and even called the seller to confirm. He received three further emails to arrange the date and confirm the booking before he transferred the money to a Barclays account in the UK.

About 3 weeks before he and his family were due to leave, his daughter spotted the details of the website had disappeared. They then tried calling the seller, but couldn’t get through. It was then they realised that the booking they had made was fraudulent. They alerted Barclays who looked into it, and also reported it to Action Fraud. Unfortunately, they couldn’t track the fraudster or get their money back. They lost around £8,000 in total.