Summer vacation: phishing scams accompany travel

Summer has just begun, a season that brings with it an expression of vacation and travel. This is a good opportunity to raise the point the phishing and scams that already accompany our travel plans this summerhotel reservations and all internet companies related to the tourism sector.

Travel-themed phishing lures of summer 2022

Bitdefender recently launched a report alert that collects data for the “summer phishing” segment. The campaign, which has been running since April and saw a 25% increase over March, could reach its highest peak in June, according to data from the survey.

ICT Channel: 5 Effective Business Automation Measures

The content of the scams focuses precisely on travel reservations, booking confirmations, gift bonuses with free airline tickets but also last minute offers. In order to fully trace the profile of this type of scam that we may encounter (taking into account spam email traffic), it is necessary to list the keywords that accompany these phishing scams. So it was found that fake emails could come via big international brands such as Delta, American Airlines, United Airlines, and Alaska Airlinesasking for surveys, bonuses and gift cards.

We have already witnessed, even in recent times, this kind of scam aimed at hitting big international brands and mass diffusion like Nespresso, Tefal and so on. The type is exactly what we cover in this article, but the topic is for the summer period: travel, hotels, vacation and reservations, but also the system used to build fraudulent websites, is not much different, especially for bonuses and gift cards, after a short survey.

We remember everything Its purpose is to steal access credentials or personal data of the userwhich will compile convinced of fraud by providing credit card details as well, never receiving any gift but seeing how unknown charges are being targeted and their details used in future malicious campaigns.

Not only websites but also Trojan distribution emails

When it comes to travel and vacation, this year’s analysis of email traffic showed that, in addition to the type of fraud that uses the victim’s persuasion to provide data to gain privilege, there is an increase in malicious messages designed to transmit Trojans in order to steal credentials, information thieves who compromise our device, if we download this attachment, possibly in the form of a fake receipt, invoice or payment order, which in fact will put a strain on the integrity of our computer. The target brands in this case are large hotel chains and international tour operators such as Accor Hotels, Panorama Tours and Meritus Hotels.

How to protect yourself from phishing and securely book?

The good practice email management principles we’ve learned to highlight in regular phishing campaigns also apply to this huge wave of the summer period. In addition, it is worth highlighting a few key points highlighted in the Bitdefender report that affect our approach to reading emails and trusting content.

  • Watch out for messages in the content of which we see ambiguous repetition of grammatical errors, differing from simple typos;
  • when we come across a promotional announcement, be it by email or via a social network, we avoid finalizing the purchase at first sight, it is good to search by contacting the source directly and read about it, then continue or search for the same item promotions on well-known and legal booking platforms, of which we are sure of the seriousness;
  • in Italy, but also internationally, fraud complaints are more accessible for payments made with credit cards or payment instruments such as PayPal, so we avoid paying the travel booking bill by bank transfer or cryptocurrency;
  • tour operators or travel booking platforms, hotels and flights will never complete the purchase by loudly asking for your credit card details over the phone, beware of these types of calls, even if they come at the same time as receiving an SMS that was apparently sent by legitimate brands you seem to know (even those will be fake, instead pushed by a modified Caller-ID scam);
  • ignore unwanted and unexpected emails, especially if they contain click links or attached downloads.

Prevention remains important. Like other types of cyber attacks, phishing is difficult to stop 100%, however, inbox spam filters can help and it is recommended that you activate this option if it is not already active. Instead, it is worth reiterating that the best defense always remains to be aware of the phenomenon, to know how to recognize it in order to be able to prevent it.


Leave a Comment