Tourist trap: phishers and spammers target holidaymakers
More than 8,000 phishing attacks disguised as offers from popular lodging platforms
Kaspersky Lab researchers have uncovered multiple operations during May seeking to exploit people’s pursuit of holiday bargains.
Among other things, the researchers found more than 8,000 phishing attacks disguised as offers from popular lodging platforms, as well as several email blasts appearing to come from a legitimate travel brand that signed victims up to paid phone services.
Spam and phishing are among the most effective attack vectors. They manipulate and exploit human behaviour, such as brand trust, in a process known as social engineering. The campaigns are often highly convincing, with the attackers using fake sites that are almost identical to the legitimate version, and which easily trick unwary victims into handing over bank card details or paying for a product or service that doesn’t exist.
In the space of just one day (May 21), the researchers detected seven different e-mail blasts disguised as offers from popular booking platforms for airplane tickets and accommodation; with three of them appearing to offer free flights in return for completing a short online survey and sharing the link with others. After three questions, users were asked to enter their phone number, which the fraudsters then used to subscribe the victim to paid mobile services.
Alongside this, the researchers also detected phishing attacks between late April and late May, disguised as popular websites for booking rental accommodation, such as Airbnb (7,917 attacks). In one example, the fraudsters had created a phishing page that closely resembled the legitimate platform, and pretended to offer victims cheap city-centre accommodation with high review scores. Once the victim confirmed the booking and transferred the money, the fraudster and the offer disappeared.
“Late spring and early summer are popular times for scammers, as they exploit people looking for a bargain or a last minute holiday booking. Not only are the fraudulent websites and offers increasingly convincing, more people than ever are booking flights and accommodation on a mobile device such as a smartphone, where it can be harder to spot a fake link, for example. These two trends leave travellers vulnerable to attack. We urge people to use only legitimate websites for booking tickets and accommodation and to make sure they are protected by a security solution with a strong spam and phishing filter that will spot fraudulent approaches before they get to you,” said Andrey Kostin, security researcher at Kaspersky Lab.