Tourist traps: phishers and spammers lurk behind thousands of fake flight and accommodation offers
Kaspersky Lab researchers tracking the activity of malicious spammers and phishers have uncovered multiple operations during May seeking to exploit people’s desire to secure a good bargain.
Among other things, the researchers found more than 8,000 phishing attacks disguised as offers from popular lodging platforms, as well as several email blasts appearing to come from a legitimate travel brand that signed victims up to paid phone services.
Spam and phishing are among the most effective attack vectors. They manipulate and exploit human behavior, such as brand trust, in a process known as social engineering. The campaigns are often highly convincing, with the attackers using fake sites that are almost identical to the legitimate version, and which easily trick unwary victims into handing over bank card details or paying for a product or service that doesn’t exist.
In the space of just one day (May 21), the researchers detected seven different e-mail blasts disguised as offers from popular booking platforms for airplane tickets and accommodation; with three of them appearing to offer free flights in return for completing a short online survey and sharing the link with others. After three questions, users were asked to enter their phone number, which the fraudsters then used to subscribe the victim to paid mobile services.
Alongside this, the researchers also detected phishing attacks between late April and late May, disguised as popular websites for booking rental accommodation, such as Airbnb (7,917 attacks). In one example, the fraudsters had created a phishing page that closely resembled the legitimate platform, and pretended to offer victims cheap city-center accommodation with high review scores. Once the victim confirmed the booking and transferred the money, the fraudster and the offer disappeared.
Example of a phishing web page copying an authentic website
“Late spring and early summer are a popular time for scammers, as they exploit people looking for a bargain or a last minute holiday booking. Not only are the fraudulent websites and offers increasingly convincing, more people than ever are booking flights and accommodation on a mobile device such as a smartphone, where it can be harder to spot a fake link, for example. These two trends leave travelers vulnerable to attack. We urge people to use only legitimate websites for booking tickets and accommodation and to make sure they are protected by a security solution with a strong spam and phishing filter that will spot fraudulent approaches before they get to you,” says Andrey Kostin, security researcher at Kaspersky Lab.
Kaspersky Lab recommends taking the following security measure to protect yourself from falling into spammers and phishers’ traps:
- If an offer seems too good to be true, it probably is. So you’d better avoid it.
- Carefully look at the address bar before entering any sensitive information such as your login and password. If something is wrong with the URL (it’s misspelled, doesn’t look like the original or uses some special symbols instead of letters), don’t enter anything on such sites.
- Book your stay and tickets only on trusted websites of trusted providers, ideally typing the address of their website manually in the address bar.
- Don’t click on links coming from unknown sources (be it in e-mails, messengers or social networks).
- Use a security solution with behavior-based anti-phishing technologies, such as Kaspersky Security Cloud or Kaspersky Total Security, which will warn you if you are trying to visit a phishing web page.
To learn more about the protection from such threats, read the whole blogpost on Kaspersky Daily
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more atwww.kaspersky.com.
Tourist traps: phishers and spammers lurk behind thousands of fake flight and accommodation offers
Kaspersky
Related Articles Press Releases
Updated Kaspersky Security for Mail Server offers advanced content filtering and enhanced visibility for SOC
Kaspersky has announced a significant update to its Kaspersky Security for Mail Server, designed to strengthen systems against emerging email threats. The latest version of Kaspersky Security for Mail Server features advanced functionality for content filtering, quarantine management, and enhanced visibility for Security Operations Centers (SOC).Read More >Innovation journey: Dubai welcomed Kaspersky's Cyber Immunity Conference
Leading cybersecurity experts, scientists, business leaders and government officials from more than 20 countries worldwide have come together for the inaugural international Cyber Immunity Conference. Exploring the complex and evolving cyberthreat landscape the conference provided invaluable insights into the future of our digital age and celebrated the pioneering efforts of the first Cyber Immunity Champions.Read More >Kaspersky Thin Client 2.0: Cyber Immune protection with enhanced connectivity, performance and design
Kaspersky has presented an updated operating system for thin clients that offers enhanced connectivity, higher speed of applications delivery, lower total cost of ownership, user-friendly graphical interface and quick deployment. Kaspersky Thin Client 2.0 is the main component of the Cyber Immune solution for building thin client infrastructure in a wide range of industries, including healthcare, finance, education and manufacturing.Read More >
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.