Spammers are pushing travel-themed lures on English-speaking recipients
The dark underbelly of the internet never takes a break, and cybercriminals seem to have set their eyes on exploiting eager travellers as we settle into 2023.
With global tourism forecast to rise by 30 per cent this year, the latest Bitdefender Antispam Lab telemetry illustrates how opportunistic scammers are setting up their playing field to defraud potential travellers.
Notable travel-themed spam campaigns aimed at stealing data and financial information from unwary individuals were observed beginning Dec 20 and continued throughout the holiday season and beyond.
Particularly, spammers pushed their travel-themed lures on English-speaking recipients, with 53 per cent of the correspondence targeting US inboxes. The US is followed by Ireland (10 per cent), India (6 per cent), the UK and South Africa (5 per cent each), and Germany (4 per cent). Other European countries, including France, Sweden, Denmark, and Italy, weren’t entirely spared the deluge of spam emails.
Three in five travel-themed emails scanned by Bitdefender antispam filters are scams
Researchers at Bitdefender Labs note that only 40 per cent of the travel-themed spam emails received over 30 days were marketing lures. The remaining 60 per cent was marked as scams, including some that abused the names of well-known airlines to gain access to users’ sensitive information and travel rewards or loyalty accounts.
The list includes Southwest Airlines, Ryanair, Lufthansa, Air France-KLM, and American Airlines.
Travel rewards programs and gift cards are among the most exploited subjects:
- Congratulations! A United Airlines reward has arrived!
- Congrats! You’ve received a Southwest Airlines reward
- Shopper, you can qualify to get a $US90 American Airlines gift card!
- Confirmed Your American Airlines Reward
Airline loyalty programs are highly desired digital assets for cybercriminals as they contain a wide variety of personally identifiable information on travellers and airline points that can be monetized on the dark web.
Just a taste of the travel-themed phishing lures to expect in 2023
For example, phishing emails purporting to come from German carrier Lufthansa urged recipients to fill out a new award redemption form to collect 24 euros worth of miles. A second campaign informed individuals of suspicious transaction attempts on their accounts that the scammers say led to the temporary restriction of their credit cards.
Most giveaway and survey scams offer recipients free miles and gift cards ranging from $US90 to £GBP500. Fraudsters also anticipate consumer behaviours and incentives that prompt them to book or buy travel packages – as seen in this bogus survey aimed at stealing personal and financial info from users.