With summer break in full swing, the scammers are still putting potential victims in their crosshairs. There are loads of unpredictable and insecure factors when people are on the move — keeping track of travel and accommodation bookings, unreliable Wi-Fi, and all the social media shares they need to target their victims. It’s the perfect recipe for a tasty phish!
Vacation booking phishing are emails sent seemingly from well-known airlines, hotels and booking services notifying you of an urgent issue you need to review. Most times, these scammers are just guessing that you have a reservation. In this sense, they’re casting a very wide net, hoping to trap the people who do. Their goal is to compel you to click a dubious link and log into a cloned malicious website where you then give up personal data and credit card information.
Social media sharing can make you a very easy target for vacation scams. It’s considered a sensible practice to avoid sharing vacation information until after you’ve returned home. Cybercriminals, and even criminals in general, use widely shared information to target you, your friends, colleagues, or even your home! Update your social media privacy settings to limit who can see your information — especially when it reveals your location.
Friend phishing is how cybercriminals use your information to spoof your identity, often through social media. They will create a fake account in your name, with your photos, and phish your friends or coworkers for personal information or money. This is common during summer holidays and often involves an awful story about being pick-pocketed or robbed while abroad, followed by an urgent request for survival or travel money. If you get any requests like that from a friend or a coworker, always make sure to use a second, unrelated, communication method to verify their claim. Notify your friends about the phishing attempt so they can take action, such as reporting the fake account and changing passwords.
Tips to avoid vacation scams and travel phishing:
- Verify all links and email addresses if you receive an email about a vacation booking. The email and links should always include the name of the official booking service you used. For example, URGENT@yourbookingservice.com is probably the real deal, while URGENT@yourbookingservice123.com is likely the imposter.
- Wait until you’re home from vacation to share those vacation pics. Not only does this protect you and your contacts from spear and friend phishing, but it also keeps actual burglars from breaking into your empty home.
- Always use reputable booking services to reserve hotels, transportation or fun activities while on your vacation. Most of these services have decent security systems and protocols in place. If your personal information is stolen from a reputable travel company, you can easily contact their customer support and it’s more than likely they have official processes to rectify the issue.
It is just as easy to fall victim to a phishing attempt at work as it is to fall for a vacation scam. Employees need ongoing anti-phishing training and simulation tests to protect against these techniques, especially since phishing attacks are continuously getting more sophisticated, and social engineering attacks can have costly consequences, such as compromised data and damaged networks. Contact us today to learn more about how you can build your Human Firewall to protect your organization.