2023 Seeing Online Travel Related Scam Surge, Says Cyber Crime Expert

The Great British Holiday Getaway has started with schools closing their doors for summer and families making their way to airports and ports in huge numbers.

Data has shown a steep rise in holiday spending compared to 2022. For example, there was a 27 per cent jump year-on-year on package holiday bookings, while airline bookings rose by 36 per cent (Cardlytics) in the first three months of 2023.

Less reported until now has been how travel-related phishing attacks that impersonate travel brands to steal money and personal data have also soared.

According to a new analysis of travel-related phishing by Anna Chung, principal researcher, Palo Alto Networks Unit 42, the number of these cybercrime attacks will be significantly more than last year.  For example, the 2023 peak of phishing attempts was in April, which was already double the peak of 2022 in December.

Commenting on how holidaymakers are being targeted, Anna, who also advises European law enforcement agencies on cybercrime activity, said: “The most commonly seen phishing attempts are impersonating known brands and service providers, which increases the success rate of the scam as travellers may confuse the phishing sites with the legitimate service providers. This type of attack not only exposes individuals to the risk of financial loss, data leakage, or account takeover, but it also causes reputational damages to the travel service providers.

It is worth highlighting that the pressure on travel service providers is high this year, as we observed fairly active travel fraud service providers in the underground marketplaces on the Dark Web and elsewhere. These fraudsters usually provide individual travellers with accommodation reservations, automobile rentals and flight/sightseeing tickets worldwide with heavy discounts as large as 60%, and many of them leverage well-known travel booking sites for these booking services and pay with stolen payment information.

The upward phishing trend in 2023 shows how travellers and the travel industry continue to be lucrative targets for criminals. With new tools like AI-empowered phishing tools and phishing kits and techniques being developed, everyone including the travel industry needs to stay vigilant.”

Anna’s advice to travellers searching for holiday deals is:

  • Exercise caution when clicking on any links or attachments contained in suspicious emails, especially those relating to one’s account settings or personal information, or otherwise trying to convey a sense of urgency.
  • Verify the sender’s address for any suspicious emails in your inbox.
  • Double-check the URL and security certificate of each website before inputting your login credentials.
  • Report suspected phishing attempts.