Flights, hotels, discounts: how scammers cash in on the May holidays

BrandSecurity experts analyzed popular scam schemes ahead of the May holidays and shared recommendations on how to protect yourself and your loved ones.

Publication date
30.04.26
Reading time
7 minutes

The May holidays are a "high season" not only for tourism, but also for fraud. Planning a trip, looking for good deals, and organizing leisure activities can sometimes lead to lost money and compromised personal accounts. Many people rush to take advantage of discounts and check sources less carefully — and attackers take advantage of this.

Ruslan Krivulin

Founder of BrandSecurity

"Ahead of long holiday weekends, every year we record a spike in phishing campaigns disguised as promotions from well-known brands. Scammers effectively copy companies' marketing — from websites to email campaigns. A user sees a familiar brand and makes a decision faster than they can notice anything suspicious."

Popular scam schemes are related to travel planning, sales, and charity. At the same time, scam methods are becoming more sophisticated, making it increasingly difficult to recognize a phishing email or a fake website.

“A special offer just for you”

Large holiday discounts supposedly from popular stores are the most widespread scam scheme.

How it works:

  • the user receives an email, SMS, or message in a messaging app about a promotion from a well-known brand;
  • the user follows a link to a copy of the official website;
  • after "placing an order," scammers steal the user’s account details or bank card data.

“Don’t miss cheap flight tickets”

Attackers create fake websites and Telegram channels, pretending to represent an airline or a ticket booking service.

Example scenario:

  1. while planning a vacation, the user comes across a private Telegram channel selling cheap flight tickets;
  2. a manager offers tickets at a big discount — all the user needs to do is transfer money to a card;
  3. after payment, the manager stops responding, and the money for the flight goes to the scammers.

The scam is not always discovered immediately. Sometimes victims only find out about it at the airport. This gives scammers time to move the resource and change its name.

"Book a hotel at a discount right now"

Before the holidays, the number of fake listings for house and apartment rentals, as well as discounted booking offers, rises sharply.
Scammers copy pages of popular services and require an advance payment, then disappear.

“Last concert tickets at a low price”

Attackers create a website that appears to belong to an event organizer or ticket agency in order to sell tickets to May concerts and major events "at an attractive price." The scammers' goal is to steal money and bank card data.

Why scammers are harder to recognize now

Attackers have moved from primitive deception to sophisticated brand imitation. They copy companies' visual identity, use logos, and create dozens of fake websites and accounts.

In the past, phishing emails could often be recognized by spelling and punctuation mistakes. Now, with the help of AI tools, scammers can quickly create well-written emails that are almost indistinguishable from real marketing messages.

Ruslan Krivulin

Founder of BrandSecurity

"The barrier to entry for fraud is getting lower, and attackers are increasingly using AI tools to create phishing websites. Fake resources and messages often look convincing, which makes vigilance especially important when planning trips and making purchases."

How to avoid falling for scammers' tricks

Pay close attention to the source, especially when you are offered “the best deal with the biggest discount” and pressured to make a purchase urgently.

If you are asked to transfer money to a bank card or phone number, you are dealing with scammers. Legitimate companies and services use online card payment processing — a secure way to accept online payments by bank card.

In email campaigns

Check whether the sender is official. Scammers often make the sender address look similar to the company name by changing just a few characters or adding extra symbols. For example, instead of info@magazin.ru, the email may come from inf0@magaz1n.ru.

On the website

Besides the website design, pay attention to several technical details.

  • Website address and domain
Check whether there are extra characters and what domain zone is used. For example: skidki.com instead of skidki.org.

  • Whether the website address contains HTTPS
Check for an SSL certificate — just look at the browser address bar. Official websites that care about security use the HTTPS protocol, where the letter “S” stands for secure. Depending on the browser, a lock or shield icon may also be displayed next to the address.

A browser warning about an unsafe connection or a “Not secure” label is a reason to close the tab immediately, even if the website design looks convincing.

  • Website creation date
To check how long a website has existed, use a WHOIS service such as whois.ru. Copy and paste the website address, and the service will show information about the owner and the domain creation date. If the website was created yesterday or just a few days ago, you should not buy tickets or goods there.

On social media and in messaging apps

There are two common situations where the risk of fraud is high.

  • A company representative messages you directly and offers a ticket or product at a big discount
Legitimate companies and services do not offer discounts in private messages. Most often, it is attackers who make “personal offers” and lure users to a phishing website, where the customer loses their data and money after payment.

  • You come across a supposedly official Telegram bot offering cheap tickets and discounts
To create bots, attackers copy logos, names, and visual style, which can make it difficult to tell a fake from the original. A key warning sign is an offer to buy a ticket directly through Telegram. Official bots may share information about promotions, but payment will always be processed through a secure website.

It is also worth checking whether the offer in the bot matches the information on the brand’s official website.

Attention to detail and avoiding rushed decisions are the best protection against fraud.

How companies can protect their brand and customers

General recommendations:

  • monitor for clones: weekly, or daily during holiday seasons, search for the brand and product name in search engines, social media, and messaging apps, and check marketplaces;
  • save links to suspicious websites and take screenshots as evidence of unauthorized brand use;
  • file complaints with domain registrars, hosting providers, or marketplace moderation teams;
  • implement automated monitoring to detect brand clones faster.

Ruslan Krivulin

Founder of BrandSecurity

"The key task for businesses today is not only to sell, but also to protect their digital reputation. We are constantly improving our DRP platform, BrandSecurity Rocket, so we can find violations and brand clones even faster. A team of analysts and legal experts supports the entire process from monitoring to blocking violations — we eliminate the threat before an attack on the brand becomes widespread."

See which digital threats your company is exposed to

We’ll run an initial analysis of online platforms and show existing violations across domains, social media, and marketplaces