Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to avoid common travel and vacation scams

Jen A. Miller | March 1, 2016
From social engineering before you even get on the plane to apps that are riddled with security holes, it’s never been easier for cybercriminals to target unsuspecting travelers.

As usual, winter's been bleak. You're ready to go ... anywhere else. Somewhere warmer, brighter, more fun. 

And someone else is there waiting and ready to steal your information — and your money — in the process. 

Travel scams are ripe and ripening as the days grow longer, in some high and very low tech ways. 

"The really staggering message that came through in 2015 was that it was the year attackers spent a lot less time and energy on really sophisticated technology intrusions and instead spent the year exploiting us," says Kevin Epstein, vice president of the Threat Operations Center at Proofpoint

Criminals don't just want to grab your information when you're planning either. Your trip itself makes you a target, too. 

Pre-trip hacking

Travel is a focus of scamming for two reasons. 

The first is money -- lots of it. "Booking the trip turns out to be a great way to give away a lot of money," says Epstein. "You voluntarily provide lots of personal information." Not only do most sites require you to put in your credit card information to book a trip, but many also have you create a login and password to use the site. 

If a criminal can make you believe that you're putting that kind of information into the right place, they can take over your money and your digital life. Or, if they can send you something that looks legit, and you download what they ask, they get into your computer and everything that's stored therein. 

The second reason is that travel companies have lagged behind when it comes to the security of their sites. When other online sectors strengthened their walls, scammers went the path of least resistance, which lately has been travel. 

Banks, says Charlie Abrahams, senior vice president at MarkMonitor, used to be the subject of such cloning, by have "taken steps to deal with it," adding that MarkMonitor has recently seen an uptick in travel companies requesting the same kinds of service they have been providing for banks. 

"We deal with sites that illegally pretend to be a site for the purposes of capturing credential information," says Abrahams. Some of these sites can be found by searching for deals, and some by clicking on emails that purport to be from a legitimate travel entity. 

Fraudsters are also moving into the app space with travel as a target, though attacks there aren't big — yet. Abrahams says that MarkMonitor has been spending more time scanning online app stores "because there are a lot of apps there that are completely fake," he says. Sometimes these apps will glom onto famous name brands in the hopes of just getting people to download the apps; they may also be looking to get your information too. Sticking to big name brands and downloading only from well known app stores like iTunes or Google Play is the best way to keep those out of your life, and off your data. 


1  2  Next Page 

Sign up for CIO Asia eNewsletters.