Travel can be stressful, especially when a problem arises with a flight booking — but the frantic reaction of passengers attempting to rectify an issue is precisely what some scammers have been preying on.
Several passengers have recently googled airline contact details, then called the number that appeared as a top result, only to discover too late that they had contacted a scammer.
This is possible because scammers are exploiting the process whereby Google verifies businesses and ranks top results.
Know the news with the 7NEWS app: Download today
Adelaide founder of RoundAbout Travel, Mark Trim, explained how a number of his agency’s clients had been duped.
“A recent client … got to the airport and at check-in realised they forgot to finalise their visa for entering the United States,” he said.
“They were told they must get an ESTA and then call the airline or their agent to rebook. The phone number that was found on Google for the airline’s support team was, in fact, a scam service that was pretending to be the airline.
“The scammer was clever enough to take advantage of their stressful situation and glean key booking details from them, and then let them know they would have to issue new tickets to get the remainder of their booking corrected.
“They took the credit card payment, but the client never got new tickets.”
Trim gave another example of a client who had given her nickname while making the booking, so their ticket did not match their passport. They were told to call their agent to fix it.
Instead, they googled the airline’s number to resolve the issue directly, and similarly fell victim to the same bank-draining scam.
Scamming Google
There are two ways that scammers manage to get fake airline numbers to appear as legitimate top results on Google, NordVPN cybersecurity expert Adrianus Warmenhowen told 7NEWS.com.au.
The first way is by simply bidding on the Google advertising keywords associated with a brand.
“The worrying trend is that the most popular search engines, like Google or Bing, do not allocate sufficient resources to control advertising,” Warmenhowen said.
A scammer could, therefore, bid for the keywords “(airline) contact details” and secure the top spot for their fake website.
But how are scammers able to be verified as customer support centres, or airline and travel companies? Warmenhowen said it was possible because of a “fundamental problem” with how Google links a digital entity with a physical person.
Manipulating this verification flaw is the second way Warmenhowen suggested the scams were made possible.
“To link a real person with a digital entity, Google needs proof that the digital entity is allowed to represent the company. The main issue is that Google has no ‘live inspectors’ on the spot,” he told 7NEWS.com.au.
“Therefore, they must judge evidence submitted by the real person behind the digital persona without physical contact. As the system must allow for the average capabilities across Australia or globally, the threshold cannot be too high.”
But there is also human error involved, and the airline companies are also sometimes victims themselves.
“In the digital world, human error is always possible, and Google is not an exception,” Warmenhowen said.
“Bad actors also contact Google to take over accounts of large companies, saying that, for example, a former employee did not leave credentials for their account, and they want to change these credentials.”
Warmenhowen said this is especially an issue when the business or brand owner is not available for verification.
Travel agent advises: ‘Push back harder’
Airports are busy places, and under-the-pump airline staff often advise travellers to phone the airline directly to resolve issues.
But Mark Trim said most problems could be resolved at the check-in desk.
“We recommend that clients push back harder at the airport check-in desk, as the majority of the time they can resolve any flight issues at the airport,” he said.
For situations where the airline must be called directly, he said travellers “should either get the number from the airport check-in staff or go to the airline website directly to find the support number”.
The scam itself isn’t new — a Google spokesperson responded to a spike in incidents this time last year.
“Our teams have already begun reverting the inaccuracies, suspending the malicious accounts involved, and applying additional protections to prevent further abuse,” Google said in July 2023.
Google did not respond to a request from 7NEWS.com.au for more information about the ongoing issue.
– With NBC