With airline prices to have soar high lately, in the midst of global inflation, everyone is looking for discounts and special offers and are very easily tempted to follow any lucrative offer that will reduce the high prices we are all asked to pay for our next vacation.
It seems that hackers and cybercriminals have decided to capitalize on this trend, in an attempt to maximize their profits by exploiting a need that demands a solution.
Next, Check Point Research shines a spotlight on what appears to be a growing phenomenon in which cybercriminals are offering a variety of deals for those looking to cut costs while trying to get to their vacation destination.
Take advantage of your reward points, even if they are not yours!
Her researchers CPR present examples of what appears to be a growing market in alternative avenues in which threat actors and cybercriminals offer their “goods,” using stolen credentials in personal airline and hotel accounts or accumulated rewards that can be used to purchase tickets or hotel nights.
One method they use is to offer stolen credentials from hotel and airline accounts that have accumulated reward points or airline flights. These stolen credentials are offered for free or for sale on the Darknet hacking forum. Examples of such accounts include hotels such as Marriott, Delta and AA. Cybercriminals also use a special tool to steal accounts from Radisson Hotel with the ultimate goal of accessing accounts with reward points or linked payment cards.
Another tactic is to set up "travel agencies" in Russian illegal markets. These agencies offer flight tickets and hotel bookings at 45-50% discounted prices. However, these deals are ordered using stolen accounts from hotels, airlines and other travel-related websites.
We also present two phishing (Vietnam Airlines) and mal spam (SouthWest) airline impersonation examples.
In the illustration below you can see that the market platform offers tickets of leading global airlines.
Trade stolen accounts with reward/flight points
Here's what's on offer when you ask to buy accounts that have points in them. As the screenshot shows, an American Airlines account holding 1,500,000+ points sells for $435.
Interested in hotel rewards points? Free nights at Marriott? We have what you need
Are you particularly interested in Radisson Account Rewards? Don't worry, these guys will sell you the tool to take over any account and "capture" its points!
The tool used in these cases is a type of software or program used to crack or guess a password or encryption key by trying every possible combination of characters until the correct one is found. Hacking tools are often used by hackers to gain unauthorized access to computer systems, networks and online accounts.
Illegal agencies selling discounted tickets!
The Patriarch service offers buyers 45-50% off an initial booking that can be found at legitimate online booking shops.
These discounted prices are obtained using stolen airline and hotel accounts obtained from the cybercriminals who offer these services.
The ad appearing on the Darknet (followed by the original Russian and English translation by CPR) offers tickets to worldwide destinations, except Russia, and has a minimum order of $325.
Phishing a better offer
Phishing scams remain an important technique used by cybercriminals to lure users into providing their details, preferably financially, and in doing so, steal money and create fraudulent transactions.
In this, travel scams are no exception and in this report we provide examples of 2 cases where cybercriminals impersonate legitimate companies to lure their victims.
In this case, we see a phishing site for Vietnam Airlines website. Offers offers and information, inviting shoppers to book trips. This was presented under a similar to a similar to the genuine domain, the https://vietnam-airline\.org
Phishing website imitating the Vietnam Airlines
In our second example we show a malspam campaign sent to victims claiming to have won a reward in the name of the company SouthWest Airline (similar campaigns are seen with other airlines).
The message was sent by different senders, with titles such as “Feedback from Southwest Airlines” or “You have been approved”.
An example of correspondence:
How to protect yourself from online travel scams:
Be wary of offers that seem too good to be true: Fraudsters often use enticing offers to lure unsuspecting travelers. If a deal seems too good to be true, it probably is. No one will sell you a 50% discount on the ticket price
Use safe methods payment: When booking a trip online, use a secure payment method such as credit card or PayPal. These methods offer protection against fraudulent charges and make it easier to dispute any unauthorized transactions.
Check for HTTPS: When doing any online transaction, including booking a trip, make sure the website has HTTPS in the URL. This indicates that the site has an SSL certificate, which means that the data you enter is encrypted and secure.
Before you book with a company online, make sure you know who do you buy from?. Check out their website, gather reviews from others and research if anyone has heard of this company before
Check the web addresses : Another easy way to spot potential phishing attacks is to look for mismatched email addresses, links, and domain names. Recipients should always hover over a link in an email before clicking on it to see the link's actual destination. If the email is believed to be from American Airlines, but the email address field does not contain “americanairlines.com”, this is an indication of phishing.