Fraud types starting over e-commerce sites in Turkey have focused on tourism and vacation bookings in recent years due to high-profit margins. Landing pages where institution names, photos, and website designs are copied identically have become a major cybersecurity problem.
In this guide, we share 10 golden rules that will help you get rid of the suspicion of "Is it a fake vacation site or a real one?"
1. Check for Domain Name Mismatches
The weakest point of fake sites is their domain names. If the hotel's real name is "X Resort Hotel", fraudsters get variations like "xresorthotel-reservation.com", "x-resort-tr.com", or "xhotelcampaign.com". Legitimate and official hotel sites usually don't have such long suffixes.
2. Click the TÜRSAB Digital Verification Code
Many fake sites place TÜRSAB logos at the bottom (footer). However, you should test whether this logo is just a picture! When you click the TÜRSAB QR Code/Verification system on a real site, it should redirect you directly to the official agency profile at the `tursab.org.tr` address. Never process transactions at places that don't click through or where it says "document cancelled" at the address it redirects to. For the details of the TÜRSAB verification system, you can look at our tursab-dogrulama-ve-dijital-rezervasyon article.
3. "Sponsored" Label in Search Results (Google Ads)
Don't blindly trust the "Sponsored" (Ad) results that appear at the top when you search on Google. Fake hotel networks place themselves directly at the top by giving high advertising budgets. You can find the details of this topic in our google-ads-otel-dolandiriciligi article.
4. Confirm Contact Numbers and WhatsApp Links
Official companies manage communication processes centrally. If you are redirected directly to a different WhatsApp number or a personal line under the name of "Accounting department", you are likely about to be a victim of hotel fraud. Find and call the hotel's main switchboard (0242, 0252, etc.) number yourself to confirm.
5. Pay Attention to Price Discrepancies
The biggest deception is "Urgent Campaign" and "Last Room Opportunity". If a holiday village with a nightly rate of 10,000 TL in other major online tour operators (Booking, Etstur, Jolly, etc.) is sold for 3,000 TL with a "Shock Discount" on its own site, this is not a good opportunity, but a bad trap.
6. Ensure Payment Screen (POS) Security
Make sure there's an "https://" (lock icon) in the address bar of the page where you'll enter your credit card number. If it redirects you to an irrelevant domain with logos like "Garanti" or "Akbank", stop the transaction immediately. Companies have made the 3D Secure system mandatory.
However, remember: the presence of the lock icon does not mean it is safe on its own. Fraudsters can also use valid SSL certificates. We explained this topic in detail in our sahte-ssl-sertifika-tespiti-rehberi article.
7. IBAN or Crypto Currency Requests are Absolute Proof!
If a call agent or website asks you to make the payment via WIRE TRANSFER/EFT to the name "Ahmet A. - Accounting Manager" or a similar personal account, this is the moment the cybercrime is registered. No official hotel will ask you for payment to a personal IBAN.
8. Learn the "Age" of the Site (WHOIS Analysis)
You can see the registration date of the site with free WHOIS tools offered on platforms like RuuSafe. If the website of a facility serving for 20 years appears as "Obtained last month", you are on a copy site. You can also query how fake domain names are detected via the ICANN WHOIS service.
9. Examination of Social Media Profiles
Examine the Instagram and Facebook profiles linked on the website. If there are 50,000 followers but no likes and comments on photos (bot followers) or if the page was established very recently, you are right to be suspicious.
10. Word Games in Cancellation and Refund Terms
Real hotels transparently publish their withdrawal rights, which they are legally obliged to offer, on their sites. In copied fake sites, pages like "Cancellation Terms", "Distance Sales Agreement", or "Privacy Policy" are mostly empty (gives 404) or carry the names of other brands because they were copied.
Fast Checklist: Before You Book
Quickly check these 5 items before paying money to a site:
- Is the domain name correct? Search for the original site on Google, compare.
- Is TÜRSAB verification working? Click the logo, does it go to tursab.org.tr?
- How old is the WHOIS record? Avoid sites opened less than a month ago.
- Is the payment method logical? Definitely reject personal IBAN or cryptocurrency requests.
- Is the price realistic? Compare with other platforms; excessive discount is a red flag.
What Should You Do if You've Been Victimized?
If you paid money to a fake site, don't waste time. Call your bank or credit card company to have the transaction recalled (chargeback). File a computer fraud complaint with the prosecutor's office. Go to the bank and give a statement in person.
You can read our sahte-otel-sitelerine-karsi-hukuki-surec article to learn how legal processes against fraudster sites work.
Frequently Asked Questions
How can I be one hundred percent sure a site is fake? The easiest way to be sure is to call the hotel directly. Find the hotel's phone number independently of search engines and ask if your reservation appears in their system. Fake site operators cannot access real hotel reservation records.
Is it possible to copy the TÜRSAB logo? As a static image, yes, anyone can place the TÜRSAB logo on their page. However, the real DDS (Digital Verification System) badge is created with dynamic JavaScript code and redirects you to the real agency profile on tursab.org.tr when clicked. It's not enough to just look at the logo; definitely click it.
Are hotel ads appearing in Google Ads reliable? No, appearing as an ad is not a guarantee of reliability. Fake sites can enter lists by allocating an advertising budget. Prefer not to use sponsored results, but to use organic search results from established sites and the hotel's official address directly.
Can I get the money I paid back? If you made the payment by credit card, it's possible to operate your bank's chargeback process. If you made the payment by Wire Transfer or EFT, a refund is much harder; therefore, always reject payment requests with bank transfer and IBAN.
