NOTE: Iris Detect has supplanted PhishEye, with dramatically expanded capabilities. Please explore Detect for your brand protection, anti-fraud, and spoof infrastructure analysis needs.
As this year’s travel season heats up, SPF takes on a new meaning: Summer Phishing Frenzy.
Since January 2018, 566 million records have been leaked or compromised in publicly reported breaches of travel and transportation organizations. According to the 2019 IBM X-Force Threat Intelligence Index, travel is the second-most attacked of all industries, suffering 13 percent of total observed attacks in the last year.
With consumers and companies in this space gearing up for a busy summer season, we wanted to better understand the threats facing this industry. With a focus on travel-related phishing scams, our team conducted research into the current landscape. The approach was twofold: a consumer survey of more than 1,000 individuals to understand awareness (or lack thereof) and a thorough PhishEye investigation to determine whether summertime coincided with an uptick in malicious activity targeting travelers.
We uncovered some interesting facts:
- Half of survey respondents have either booked summer travel already, or have plans to do so leading up to and during prime summer vacation time.
- Most use popular sites such as Expedia, Travelocity and KAYAK.
- More than half said they are unaware they might be ripe targets when booking their summer travel.
Some respondents said they had clicked on a link or email that they thought was from a trusted travel company only to find out that it was an attempted scam. Among them, 20 percent reported a compromise of their personal information, while 71 percent said they are unaware whether anything bad happened to their devices or information.
Moreover, we confirmed that travel sites are prime targets of domain spoofing attempts. When looking at domains aiming to imitate Airbnb’s brand, PhishEye uncovered more than 70 spoofed domains created over a two-week period. This suggests a rise in suspicious activity targeting travel sites this time of year. Examples of fraudulent Airbnb domains with a Risk Score of 70 or higher (scores of 70-99 predict potentially malicious domains before they are weaponized) include:
- airbnbpromo[.]net
- airbnbprices[.]com
- airbnb-bookins[.]review
- airbnbhostpr[.]com
- airbnb-update[.]org
- checkin-airbnb[.]com
- airbnbvrbo[.]com
- airbnbb[.]net
- airbnbexclusive[.]com
Airbnb is only one example. Other popular sites face similar risk. This data serves as yet another reminder of how adept malicious actors are at knowing which companies, individuals and industries to target, and when. For the full survey results, and more information about the correlation between cyber threats and seasonal travel, check out the infographic below. It includes a summer vacation checklist, featuring ways travelers and travel companies can enjoy their fun in the sun without getting burnt.
