Travel scams to avoid

{{whyLabel}}: AI voice cloning technology in 2025 can mimic your voice perfectly from a 3-second social media clip to scam your family.

{{howLabel}}:

• Choose a unique, non-obvious word or phrase known only to your inner circle.
• Instruct family members to ask for this 'safe word' if they receive a call claiming you are in trouble or need money.
• Never share this password over email or unsecured chats.

{{doneWhenLabel}}: [All immediate family members have memorized the secret word].

{{whyLabel}}: Passwords alone are insufficient against modern phishing and 'Choice Jacking' attacks.

{{howLabel}}:

• Activate MFA on all banking, email, and travel booking apps.
• Use an authenticator app (like Aegis or Bitwarden) rather than SMS, which can be intercepted via SIM swapping.
• Save 'Backup Codes' in a secure, offline location.

{{doneWhenLabel}}: [MFA is active on at least 5 critical financial and personal accounts].

{{whyLabel}}: Public Wi-Fi in airports and hotels is often monitored by 'Man-in-the-Middle' attackers.

{{howLabel}}:

• Install a reputable, audited VPN service (e.g., ProtonVPN or Mullvad).
• Set the VPN to 'Always-on' or 'Kill Switch' mode to prevent data leaks if the connection drops.
• Test the connection on your home network before leaving.

{{doneWhenLabel}}: [VPN is installed and successfully encrypting traffic on your mobile device].

{{whyLabel}}: Scammers rely on you being lost and appearing vulnerable; offline maps ensure you don't need public Wi-Fi to navigate.

{{howLabel}}:

• Use Google Maps or Organic Maps (OpenStreetMap-based) to download the entire city area.
• Mark the location of your hotel, the nearest police station, and the official embassy.
• Practice navigating a short route while in 'Airplane Mode'.

{{doneWhenLabel}}: [Map data for the destination is stored locally on your device].

{{whyLabel}}: AI-generated fake booking sites (e.g., 'Airbnnb.com') look identical to real ones and steal credit card data.

{{howLabel}}:

• Double-check the spelling of the URL in the address bar before entering payment info.
• Look for the 'https://' prefix and a valid security certificate.
• Avoid clicking links in 'Urgent' emails; type the official website address manually instead.

{{doneWhenLabel}}: [All trip bookings are confirmed via official, verified platforms].

{{whyLabel}}: Physical theft of a passport is a nightmare; having secure digital access speeds up replacement.

{{howLabel}}:

• Scan your passport, visa, and insurance cards.
• Store them in an encrypted cloud vault (e.g., Bitwarden Send or a password-protected PDF).
• Keep a physical copy hidden in a separate bag from the original.

{{doneWhenLabel}}: [Digital copies are accessible only via biometric or MFA-protected storage].

{{whyLabel}}: 'Choice Jacking' allows malicious public USB ports to simulate screen touches and install malware.

{{howLabel}}:

• Purchase a generic 'USB Data Blocker' (also known as a USB Condom).
• Always plug this between your charging cable and any public USB port (airports, planes, cafes).
• Alternatively, only use a wall AC adapter for charging.

{{doneWhenLabel}}: [Data blocker is packed in your electronics kit].

{{whyLabel}}: In the event of a mugging or 'Spill Scam' distraction, a decoy wallet protects your primary funds.

{{howLabel}}:

• Use an old wallet and fill it with a small amount of local cash (approx. $20 equivalent).
• Add expired cards or 'sample' credit cards to make it look real.
• Keep your real wallet in a front pocket or a hidden money belt.

{{doneWhenLabel}}: [Decoy wallet is ready and separate from your main funds].

{{whyLabel}}: Hotel and Airbnb master keys can be duplicated or stolen by scammers posing as staff.

{{howLabel}}:

• Get a generic metal portable door lock (Addalock style) that fits into the strike plate.
• This prevents the door from being opened from the outside even with a key.
• Use it every night and whenever you are inside the room.

{{doneWhenLabel}}: [Portable lock is tested on a home door and packed].

{{whyLabel}}: Street taxis often use 'Broken Meters' or take long routes to overcharge tourists.

{{howLabel}}:

• Use apps like Uber, Grab, or Bolt where the price is fixed and the route is GPS-tracked.
• Verify the license plate and driver's face before entering the vehicle.
• Never follow a 'whispering' driver in the airport terminal to an unmarked car.

{{doneWhenLabel}}: [First ride is completed via a tracked, official app].

{{whyLabel}}: The 'ATM Tap' scam involves scammers helping you 'tap' your card and then withdrawing more after you leave.

{{howLabel}}:

• Only use ATMs inside bank branches during business hours.
• Give the card reader a physical tug to check for plastic overlays (skimmers).
• Crucial: After a contactless 'tap' transaction, wait until the screen says 'Welcome / Insert Card' to ensure your session is closed.

{{doneWhenLabel}}: [Cash is withdrawn safely with no suspicious hardware detected].

{{whyLabel}}: The 'Bracelet' and 'Bird Poop' scams use small gifts or forced help as a distraction for pickpocketing.

{{howLabel}}:

• If someone tries to tie a string on your wrist or points out a 'stain' on your clothes, keep walking.
• Maintain a 'bubble' of personal space in crowded areas like Las Ramblas.
• Say a firm 'No, thank you' without stopping or engaging in conversation.

{{doneWhenLabel}}: [You have successfully navigated a high-traffic area without engaging with street touts].

{{whyLabel}}: 'Quishing' (QR Phishing) involves fake stickers placed over real menus to steal payment info.

{{howLabel}}:

• If a QR code looks like a sticker or is peeling, do not scan it.
• Manually type the restaurant's URL into your browser or ask for a physical menu.
• Never enter credit card details into a site reached via a public QR code.

{{doneWhenLabel}}: [Menus and info are accessed via official, non-sticker sources].

{{whyLabel}}: Some 'skimming' or 'overcharging' scams only show up as small, recurring charges weeks later.

{{howLabel}}:

• Review every line item on your credit card and bank statements for 30 days post-trip.
• Report any unrecognized transaction immediately, even if it is only a few dollars.
• Consider requesting a new card number if you suspect your card was swiped in a non-EMV (chip) reader.

{{doneWhenLabel}}: [30-day statement review shows zero unauthorized charges].