The holiday season is often synonymous with relaxation, travel and disconnection. Paradoxically, however, it coincides with a rise in cyber threats. Cybercriminals exploit this period to target less vigilant users or companies whose IT teams are running on reduced staff. According to CISA and the FBI, ransomware attacks and other threats increase during the holidays, when monitoring is less active and systems are more exposed. The summer season also sees a surge in phishing and smishing attempts, as well as exploitation of public Wi-Fi networks, making vigilance even more essential before and during your trips.
For all professionals, and even more so for individual users, the risks go beyond the theft of information. They include the compromise of sensitive data, the installation of malware or ransom demands for substantial sums. During the holidays, the proliferation of digital uses - online bookings, authentication on unknown hotspots, periodic account checks on mobile devices - opens up new attack windows. Adopting good practices before leaving (system updates, VPN activation, multi-factor authentication, etc.) is crucial to effectively protect your data and enjoy your summer break with peace of mind.
1. Phishing (fraudulent emails / fake websites)
Case: scam targeting Booking.com travelers in Australia (2023-2024)
The ACCC (the Australian competition authority) reported 363 complaints in 2023 mentioning Booking.com, an increase of nearly 600% compared to 2022, with cumulative losses exceeding $337,000.
Users received messages via the Booking.com platform - apparently from their hotel - asking for a "funds verification" via a link. The site almost perfectly mimicked the official interface, but it was a scam designed to steal credit card details. One victim acknowledged that the message seemed authentic, but that the requests changed when she communicated again through the official channel.
2. Smishing (fraudulent SMS)
Case: Roaming Mantis campaign in France (2022)
The Chinese group Roaming Mantis sent fraudulent SMS messages to users in France, asking them to click on a link under the pretext of a parcel or a subscription. On Android, this resulted in the installation of MoqHao (or XLoader), malware capable of stealing data and intercepting SMS messages; on iOS, victims were redirected to a fake Apple page to steal their credentials.
Around 70,000 French Android devices were compromised through this method.
3. Public Wi-Fi attacks (Man-in-the-Middle)
Case: interception in tourist environments
Studies by McAfee and the FTC have highlighted that public Wi-Fi networks in hotels and airports are often poorly secured. Cybercriminals can intercept data (credentials, credit cards, SMS) over unencrypted connections. Using a VPN is strongly recommended to protect against this. (Note: the exact link is not available, but this type of warning is widely documented by cybersecurity authorities.)
4. Ransomware
General trend in the travel sector (2024)
Check Point Research has documented that, on average, the travel industry faces 1,270 cyberattacks per week in 2024, including phishing, fake bookings and ransomware. These attacks are often launched while IT staff are absent, allowing criminals to encrypt sensitive data or demand a ransom to restore access to systems. (The figures are drawn from general IT security reports for the sector.)
5. Vishing (voice phone scams)
Classic case: IRS fraud / "Hollywood Con Queen" (USA)
Between 2012 and 2016, vishing rings impersonated US IRS or immigration agents, threatening victims with arrest if they did not pay immediately. In parallel, the so-called "Hollywood Con Queen" fraud used emotional calls, often spread over several days, to extort large sums from victims. (These practices are well documented in reliable sources such as Wikipedia and government reports.)
6. Quishing (QR code fraud)
Geographic case: European tourist areas (generalized examples)
In some holiday locations (parking lots, restaurants, posters), malicious QR codes are pasted on top of or replace the official codes. By scanning them, users are redirected to a phishing site or to a malware installation page. Although less publicized, this type of attack is on the rise and must be taken seriously.
Summary table
| Attack type | Concrete example | Potential impact |
|---|---|---|
| Phishing (email) | Fake Booking.com messages targeting travelers in Australia | Theft of banking or personal data |
| Smishing (SMS) | Roaming Mantis in France, 70,000 devices compromised | Mobile infection, credential theft |
| Public Wi-Fi | Hotel network/fake Wi-Fi access point intercepted via MitM | Interception of credentials, passwords, SMS |
| Ransomware | Attacks during IT absence in the tourism industry | Encryption of critical data, ransom demand |
| Vishing (voice call) | IRS fraud or "Hollywood Con Queen" | Forced payments, emotional extortion |
| Quishing (QR code) | Falsified QR codes in tourist locations | Redirection of data to malicious sites |
Specific recommendations
- Phishing & Smishing: never click directly on a link received via SMS or email; access the official service directly via your browser or the app.
- Public Wi-Fi: always use a VPN to encrypt communications; avoid logging into a sensitive account on an open network.
- Ransomware: enable multi-factor authentication (MFA), perform regular external backups, restrict administrative rights.
- Vishing: stay wary of urgent calls, hang up and verify via official contact details.
- Quishing: only scan QR codes provided by official sources, and verify their origin before following the link.
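One way to automate the "verify the link before following it" advice for links received by email, SMS or QR code, as an added example that is not part of the original article. The function `check_link`, the allowlist and the sample URLs are assumptions constructed for illustration; the `.example` hosts are reserved names.

```python
from urllib.parse import urlsplit

# Assumption: the reader maintains this allowlist of official domains.
OFFICIAL_DOMAINS = {"booking.com"}
# Digit-for-letter swaps and hyphens commonly used in lookalike host names.
LOOKALIKE_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})
# Constructed sample links, not taken from any real campaign.
SAMPLES = (
    "https://secure.booking.com/mytrips",
    "https://booking.com.funds-check.example/verify",
    "https://b00king-verify.example/pay",
    "https://booking.com@funds-check.example/verify",
    "http://www.booking.com/",
    "https://parking-pay.example/qr",
)


def check_link(url, official=OFFICIAL_DOMAINS):
    """Classify a link before opening it.

    Returns (verdict, reason); verdict is 'official', 'lookalike',
    'reject' or 'unknown'.
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ("reject", "malformed URL")
    if parts.scheme != "https":
        return ("reject", "not HTTPS, traffic is readable on open Wi-Fi")
    if not host:
        return ("reject", "no host name")
    if "@" in parts.netloc:
        return ("reject", "text before '@' is not the real host")
    if not host.isascii() or "xn--" in host:
        return ("reject", "internationalised host can imitate Latin letters")
    for domain in official:
        # Only the right-hand end of the host name decides who owns it.
        if host == domain or host.endswith("." + domain):
            return ("official", domain)
    flattened = host.translate(LOOKALIKE_MAP)
    for domain in official:
        brand = domain.split(".")[0]
        if brand in flattened:
            return ("lookalike", f"mentions '{brand}' but is not under {domain}")
    return ("unknown", "not on the allowlist, verify through the official app")


if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
```

An 'unknown' verdict is not a clearance: it only means the host is neither on the allowlist nor an obvious imitation of it.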
Holiday periods provide real opportunities for cybercriminals: sophisticated phishing (notably AI-generated), large-scale smishing, fake Wi-Fi connections, hijacked QR codes and targeted ransomware. Real-world examples show that even savvy users can be caught out. Adopting good practices - vigilance, security technologies, training - remains essential to protect yourself effectively.

