Incognito — June 2026: Watch Out for Summer Travel Scams

Welcome to the June 2026 issue of Incognito, your monthly privacy and security deep dive with DeleteMe. 

This month:

• Summer Travel and Scams: Scammers love vacation season as much as you do, and rising costs are going to make their “job” easier this year.
• Surveillance Pricing and Rising Costs: Companies are using your personal data to charge you as much as they possibly can. That’s not inflation, that’s surveillance pricing.
• Romance Scams and Privacy: On our podcast, a soldier discovered scammers were using pictures from his social media account to steal from lonely people, and he scammed the scammers.
• Essential Reading: The biggest student data privacy disaster in history; a major automaker pays for selling your location data, Illinois proposes a privacy law that doesn’t quite cut it. 
• Q&A: Can you do anything about surveillance pricing?
• Join DeleteMe at Black Hat x DEF CON: We want to meet you at the event! Express your interest here. 

Summer Travel Plans Are a Scam Magnet

Travel costs are nine percent higher than they were last year around this time. There are few things quite as appealing as a huge discount, especially with how worried most Americans are about their finances right now. Unfortunately, searching for the best deal can be a risky business. 

According to the latest research from McAfee, a third of consumers have ignored red flags while booking a trip or a hotel stay. Nine in ten have reacted to the pressure of an exciting deal by acting faster, often without checking the source of an email or a link. 

Travel scams take many different forms. Most boil down to impersonation. Cybercriminals play the part of booking platforms, especially TripAdvisor and Booking.com. AI lets them create lookalike webpages that steal login credentials and financial information. 

Watch out for: 

• Pressure to book right away
• Unexpected emails and texts
• URLs that don’t match the legitimate websites
• Listed travel prices that are way below average
• Requests to move off-platform to other apps like WhatsApp or Telegram

One wrong move can result in drained bank accounts and disrupted vacation plans. 

If you come across a questionable message, report it to the relevant platforms and authorities like the IC3. If you fall for a fraudulent offer, reset your passwords and don’t trust anyone who reaches out promising to recover your money. 

Surveillance Pricing Is Killing Your Wallet

Inflation isn’t the only reason for the massive increase in travel costs. 

Many airlines, hotels, and travel sites use your personal data to calculate the maximum amount of money you’re willing to part with and change prices in real time. This practice is called surveillance pricing, though companies often mask it under friendlier terms like “dynamic pricing” or “personalized pricing.” For example, if a site sees you searching for a last-minute flight for a family emergency, the company can exploit that desperation to charge a premium.  

Fortunately, you don’t have to just sit by and take it. 

Hide your location. Algorithms use your geographic data to judge your affluence and proximity to competitors. Deny location permissions to travel apps and use a VPN to mask your actual location when shopping for flights and hotels.  

Clear your digital trail. Retailers actively use your search history against you. Clear your browser cookies, wipe your search history, or use an incognito window before you start hunting for deals.  

Ditch the travel and loyalty apps. These apps track your real-time behavior, build deep consumer profiles, and often sell that data to third-party data brokers. 

Remove your info from data brokers. Companies buy giant bundles of consumer data to inform their pricing models. Use a data privacy removal service like DeleteMe to scrub your name, home address, and financial brackets from public databases.  

Want to know more about how companies use your data against your wallet? Read the full blog post here.

Romance Scams: When the Bait Bites Back

Every year, thousands of single people looking for love fall for someone who doesn’t exist. Scammers steal the digital footprints of real military service members, influencers, and other individuals to build hundreds of identical profiles across dating apps and social media platforms to scam people.

In a recent episode of What the Hack, host Beau Friedlander sat down with DeleteMe’s own Ethan Merritt, a former military servicemember who discovered pictures from his social media account were being used to swindle lonely hearts out of their savings. 

While deployed in the Middle East, Ethan began documenting his military journey on Instagram to build a personal creative brand. He didn’t think much of it until a stranger DM’d him to tell him someone was using his photos. 

Within weeks, Ethan was contacted by multiple women across the globe who genuinely believed they were in long-distance relationships with him. The fake profiles claimed he was an American GI stuck in transit, broke, and desperately needing cash. 

The psychological manipulation was far too effective. One victim alone wired €20,000 to the fraudster.

But while most victims of identity spoofing are left helpless, Ethan decided to turn the tables. Using information from one of the scammer’s victims, who acted as an inside “mole,” Ethan created a fake persona online. He actively catfished his own scammer, posing as a fellow fraudster. 

Ethan eventually tracked down the scammer’s exact location and handed it over to the authorities. He followed it up by launching a notification bombing attack with the help of his roommate that completely flooded and dismantled the scammer’s accounts.

Not everyone is prepared to catfish a scammer, but you can: 

• Watch for the stranded ruse: If an online romantic interest claims they are stuck overseas, lost their credit card, or need emergency funds to visit you, stop communicating. No real military unit leaves its service members stranded without logistical support.
• Verify with live video: Never rely on static photos or screenshots. Demand real-time video verification. Even that’s not foolproof thanks to AI. 
• Treat all monetary requests with suspicion: Victims don’t give money to scammers because they seem untrustworthy. Cybercriminals take advantage of your emotions. Ideally, don’t transfer money without an in-person meeting. 

Stay vigilant, audit your public digital footprint, and protect your identity online.

Listen to the full episode of What the Hack to hear how Ethan outsmarted his impersonator — and how you can avoid getting got. 

Recommended Reads

275 Million Students Just Had Their Data Stolen

Edtech platform leaks aren’t exactly uncommon, but the Canvas hack might be the worst so far. Canvas, which is used by millions of students globally, was hit by a massive ransomware attack by the hacking group ShinyHunters. The result? The theft of sensitive personal data from over 275 million individuals. Experts are calling it “the biggest student data privacy disaster in history.” 

General Motors Fined for Selling Data to Insurers

General Motors has agreed to a $12.5 million settlement with California officials over allegations that it illegally sold location and driving data to data brokers and insurers. It’s by far the largest penalty of this kind in the state’s history and sets an important precedent for a growing crackdown across the United States. 

Illinois Proposes a New Privacy Law, Advocates Yawn

Illinois just proposed a new consumer data privacy law. While it would grant residents rights to access, delete, and stop the sale of their personal information, there are still some limitations. Data privacy advocates want better protections for “non-sensitive” info, the elimination of loopholes, a stronger definition of targeted advertising, and the addition of a private right of action. 

Travels Costs Are Up, and Scammers Are Ready

McAfee’s research shows how high travel costs create a bigger sense of urgency for vacationers, resulting in more people falling victim to scams. More than one in three Americans have encountered travel-related cyberthreats and 41 percent of those victims have lost over $500. 

You Asked, We Answered

Q: Can you do anything about surveillance pricing?

A: Yes, but it’ll take some work. 

Many states are starting to propose laws that prohibit surveillance pricing. Do your part to support those laws and fight back against surveillance pricing wherever it appears: 

1. Write to your local lawmakers in support of proposed legislation that regulates or prohibits surveillance pricing and electronic shelf labels. 
2. Remove your personal information from data brokers, which are believed to be a top source of information to fuel surveillance pricing. DeleteMe can help. 
3. Check your apps, especially loyalty apps and others that track your purchase history. Many share data with third parties. 
4. Use a privacy browser like Brave or Tor to cut down on tracking that can fuel higher prices for all your ecommerce purchases. 

Surveillance pricing might be common, but it’s not unbeatable. 

Join DeleteMe at Black Hat x DEFCON

We want to bring the privacy community together this summer! We’re currently scouting locations for a social event at the intersection of privacy and security. If you’re planning to be in Las Vegas this August, please let us know so we can finalize the details. 

Express your interest here

Back to You

Get in touch with us. We love getting emails from our readers. You can also find us on X, BlueSky, Instagram, Facebook, LinkedIn, and YouTube. 

And don’t forget to share! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.

That’s it for this issue of Incognito. Stay safe, and we’ll see you next month.