INDUSTRY WATCH
Check Point Research provides examples including dedicated brute forcing tool used to steal accounts , stolen credentials on sale , and travel agents selling discounted flights retrieved using stolen airline and hotel accounts .
destinations , except Russia and has a minimal order of $ 325 .
Phishing a better deal
Phishing scams remain a major technique used by cybercriminals to lure users to provide their details , financial details preferable , and by that , steal funds and generate fraudulent transactions .
In this , travel scams are not exceptional and in this report we provide examples of two cases where cybercriminals impersonate legitimate firms to lure their victims .
In this case , we see a phishing website for the Vietnam Airline website . It offers deals and information , inviting buyers to book trips . This was presented under a lookalike domain https :// vietnam-airline \. org
Phishing Vietnam Airlines website
In our second example we show a malspam campaign sent to victims claiming they won a reward in the name of SouthWest Airline company , similar campaigns seen in other airlines companies as well .
The mail was sent from different senders , with name headers such as SouthWest Airlines Feedback or You ’ re Approved .
Protecting from online travel scams
Wary of deals too good
Scammers often use enticing deals to lure in unsuspecting travellers . If a deal seems too good to be true , it probably is . Nobody will sell you a 50 % off ticket price .
Secure payment methods
When booking a trip online , use a secure payment method such as a credit card or PayPal . These methods offer protection against fraudulent charges and make it easier to dispute any unauthorised transactions .
Check for HTTPS
When making any online transaction , including booking a trip , make sure the website has HTTPS in the URL . This indicates that the website has an SSL certificate , which means the data you enter is encrypted and secure .
Prior to booking with a company online , make sure you know who you are buying from . Check its website , accumulate others ’ reviews and research if someone has heard of this company before .
Check web addresses
Another easy way to identify potential phishing attacks is to look for mismatched email addresses , links , and domain names . Recipients should always hover over a link in an email before clicking it , to see the actual link destination . If the email is believed to be sent by American Airlines , but the domain of the email address does not contain americanairlines . com , that is a sign of a phishing email . p
74 INTELLIGENTCIO MIDDLE EAST www . intelligentcio . com