"As criminals started to look for a new weak link, they found that travel was incredibly successful," Peterson says. "They've been plowing a lot of their efforts and investments into making more and more improvements spoofing an itinerary."
In a 2014 scam, hackers pretended to be Delta Airlines, emailing consumers to say, "Your credit card has been successfully processed," and to provide flight information. Peterson also points to large-scale attacks using Expedia, Airbnb and Booking.com as fronts — all with the goal of either getting your log-in information or installing malware on your machine.
Ford says he's not surprised — not just because of the potential information that hackers can get through setting up fake travel-related sites but because of what travel does to people. Road warriors who frequently travel for work have lowered their barriers, Ford says: "When you get really tired, you do stupid things."
Mobile devices and travel don't always mix well, either. Ford says he's "fairly aggressive" in the security set up of his laptop, but "when I read an email on my phone, I don't have all of those controls. I'm a lot more vulnerable to phishing and [other] attacks — especially when I'm tired."
The good news is that airlines specifically had a 17-percent jump in their TrustScores. "It's very easy when you start from zero to make 17-percent progress," Peterson says, but he points to Delta as a "breakout star" for reacting quickly and effectively after being targeted.
Healthcare also performed poorly, earning the lowest TrustScore out of all industries. Out of 14 healthcare companies analyzed, 13 were classified as easy targets for cybercriminals, suggesting that healthcare security remains lax.
Email Security a Modern Game of Whac-a-Mole
Overall, the TrustScore for the companies that Agari studied increased 8 percent in the second quarter. Peterson describes it as a "sea change," adding, "These are big companies. Making changes is hard for them."
As the major banks learned, however, that doesn't mean these attacks will stop. "Criminals have so many tricks up their sleeve," Peterson says, "and have a new one every day."
Progress is good, but big companies still need to be on alert for whatever's next.
"Spam is a problem and we still don't have it solved. Phishing is a problem and we still don't have that solved," Ford says. "These [hackers] are businessmen and businesswomen. They're incentivized to be successful. They're going to keep reiterating this game of cat and mouse."
Sign up for CIO Asia eNewsletters.