You’re packing for the beach, juggling kids, cancelling meetings. A notification pings:...
“Booking update – payment issue with your flight ✈️ Click here to verify.”
You’re distracted. You click. It looks fine. You fill in your card details.
Only later do you realise; that it wasn’t Ryanair or Booking.com. It was a scam.

In summer 2025, thousands of UK and EU travelers were hit by travel-themed phishing scams, spoofed Wi-Fi portals, and fake booking confirmations. Scammers know we’re more distracted when we travel — and they strike when our guard is down.
Why Smart People Slip Up on Holiday
This isn’t about being careless. It’s about being human. Behavioural science explains why:
- Context-dependent memory – The habits we follow at work don’t always travel with us. Put us in flip-flops, and we forget what we’d never do at our desk.
- Hot–cold empathy gap – We underestimate how our decisions change when we’re tired, distracted, or in a hurry
- Peak–end rule – We remember the emotional high point and end of a trip. Cyber hygiene doesn’t usually feature — unless it goes wrong
- Present bias – We prioritise immediate ease (e.g. get the boarding pass) over future risk (e.g. stolen credentials)
Real-World Examples from Summer 2025
-
Viktoria’s Booking.com scam – Viktoria Tkach, a university student from Greenwich, received a message via the Booking.com app stating her hotel payment had failed. Under time pressure and trusting the app, she paid £791 to what turned out to be a scammer. She only realised the error on arrival. Booking.com eventually refunded her after media intervention. (Sky News) -
Emma’s fake villa nightmare – Emma Last and her family from Chorley booked a luxury villa in Mallorca via a site impersonating Oliver’s Travels. They transferred over £4,000, only to discover hours before their flight that the villa didn’t exist. The emotional and financial toll on her family was significant. Some funds were recovered, but flight losses remained.
-
Spoofed Wi-Fi networks – A man in Australia was charged with setting up fake airport Wi-Fi hotspots to steal users’ logins. Similar scams have been reported across Europe, especially at tourist-heavy hubs. (The Guardian)
-
Sensitive files forwarded from corporate to personal email for “just a quick edit” during travel
6 No-Nonsense Steps for Safer Travel
- Don’t use public Wi-Fi for anything sensitive. No banking, no logins. Use mobile data or a VPN (Virtual Private Network – ask us if you’re unsure).
- Set a ‘holiday plan’ with your team. Define how you’ll handle approvals, file access, and “urgent” requests before you leave.
- Turn off auto forwarding from work to personal email. It is convenient — and it bypasses every layer of enterprise security.

- Don’t click booking links in emails. Go directly to the official site or app. Always.
- Use password managers and biometrics (fingerprint, face ID). They reduce typing errors and help avoid fake login pages.
- Watch for urgency + reward. “Fix this fast” + “Keep your upgrade” = classic scam combo.
On holiday, we change context — and context changes behaviour. That’s when scammers strike: not because we’re reckless, but because we’re relaxed.

Cyber security isn’t just for the office. It should travel with you.
👉 Want to build habits that stay with people — even on holiday? Why not read our previous blog: Getting into the Habit – of Better Cyber Security
At Psybersafe, we make it easy: short, fun monthly episodes that help your team build stronger habits without even breaking a sweat. If you want to come back from holiday to good news (and not a cyber mess), drop us a line at [email protected].
We love behavioural science. We’ve studied it and we know it works. If you want to know more about the science of persuasion and influence and behavioural science in general have a look at our sister site https://influenceinaction.co.uk/
Sign up to get our monthly newsletter, packed with hints and tips on how to stay cyber safe.
