Forget pickpockets and lost luggage. The biggest threat to your next vacation might be lurking online.
“Anyone can be a potential victim,” warns Seth Ruden, director of global advisory at BioCatch, a biometric company. “But frequent travellers are likely targets, as travel rewards, airline miles, and other stored payment details on travel accounts can be lucrative and easily monetizable.”
People are worried about cybersecurity more than ever. A recent study by Travelers Insurance found that 62 per cent of respondents were worried about online safety — the highest level in 11 years. (Travelers polled business owners, but other surveys show their concerns are reflected more broadly.)
What are the cyber threats to travellers in 2025?
There is a range of cyber threats facing travellers, from phishing scams designed to steal personal information to fake travel websites and rental listings that leave victims stranded and financially drained. Check Point Research, a cybersecurity firm, says in 2024 that 1 in every 33 newly registered vacation-related domains was malicious or suspicious. According to the company, this category included phishing sites imitating Booking.com, Kayak, and other popular travel platforms.
“Threat actors now have the capabilities to identify and target mobile devices, deliver malicious code to the device, access a device to track your location, activate your device’s microphone, and intercept messages,” says Frank Harrison, regional security director of the Americas at World Travel Protection. “Adopting cybersecurity measures that focus on risk mitigation is essential to protect travellers and their data.”
Abhishek Karnik, the head of threat research at McAfee, says there are two places where travellers are particularly vulnerable: booking and travelling.
“Travelers need to stay vigilant,” he says.
But how?
Practice good online hygiene.
As technology continues to integrate deeper into our travel experiences, the risk of cyber-attacks while booking trips online or accessing unsecured networks in foreign countries is a genuine concern.
Peter Hamdy, managing director at Auckland & Beyond Tours, says you must be on guard in 2025.
“From my extensive experience in the travel industry, I can tell you that one of the most significant dangers will likely be the evolving landscape of cybersecurity threats,” he says.
So brush up on your online hygiene — which is to say, change your passwords frequently, enable two-factor authentication, don’t click on any phishy links and never, ever give your password or access codes to a third party. You can also use a travel insurance app to stay safe.
Use a VPN
Joe Cronin, CEO of International Citizens Insurance, says a virtual private network (VPN) can keep you safer.
“Travelers are always on the hunt for free Wi-Fi, but a lot of the public networks you might connect to are unsecured and put your personal data at risk,” he explains. “I always recommend that travelers use a VPN to secure their phones or laptops when using public Wi-Fi.”
Be careful who you trust.
The impersonation scam is one of the most common social engineering threats while travelling. According to Karnik, the McAfee security expert, attackers may pose as hotel staff, tour guides, or even fellow travellers to gain access to personal information on your devices.
“Always verify the identity of individuals before sharing any sensitive information or handing over personal belongings,” he adds.
Watch for phishing
Phishing — sending emails mimicking a reputable company to induce you into giving up personal information — is becoming far more sophisticated.
“Travel is a prime opportunity for a spoofing campaign,” warns Rishika Desai, a threat researcher at predictive security firm BforeAI. “Many are looking for a deal during a time when prices are especially high. And cyber criminals are impersonating well-known, legitimate brands.”
The fix? Never click on an email and follow a link from a source you don’t recognise. Always go directly to the company’s site to verify any travel offer.
Beware of AI
Artificial intelligence has given cybercriminals the tools to pull a fast one on even the most sophisticated traveller.
“AI can build convincing websites, create more natural-sounding language, and even generate fake reviews,” says Cache Merrill, CEO of Zibtek, a software developer. “Everything seems far more legitimate with AI-driven technology, and people are falling for it.”
Although AI makes it even more challenging for travellers to discern legitimate offers from scams, artificial intelligence isn’t perfect. You can discern AI-generated text, photos, videos, and bogus travel offers with some practice. Or you could take a shortcut: If an online offer looks too good to be true, it probably is.
Do this one thing to protect yourself online.
Perhaps the best advice is to leave nothing to chance. Unfortunately, travellers are just winging it, according to the latest research. Only about two in 10 business travellers say they are required to take a training course on how to improve cybersecurity, according to a recent poll by Opinium Research.
“Do your research and ensure you have a plan in place for any potential problems that could arise,” says John Gobbels, chief operating officer of air medical transport and travel security program Medjet. “It’s always more stressful in the moment, and easier if you have systems or backup plans in place.”
There’s also cybersecurity support, which protects travellers against unforeseen events. For example, BOXX Insurance and World Travel Protection recently launched cybersecurity assistance for business travellers that monitors emerging digital risks and helps them predict and prevent potential threats and scams. This type of support may soon be available to leisure travellers as well.
The golden rule of travel has always been to expect the unexpected. In 2025, that means anticipating and preparing for the growing threat of cybercrime. By doing that, you can ensure your adventures are defined by joyful discoveries — not digital disasters.
Written by: Christopher Elliott
BIO:
Christopher Elliott is an author, consumer advocate, and journalist. He founded Elliott Advocacy, a nonprofit organization that helps solve consumer problems. He publishes Elliott Confidential, a travel newsletter, and the Elliott Report, a news site about customer service. If you need help with a consumer problem, you can reach him here or email him at chris@elliott.org.
