Airport Photo by Skitterphoto PexelsNews

Palo Alto Networks warns of travel-related scams this Holy Week

Palo Alto Networks, a cybersecurity solutions firm, warns the public to take precautionary measures now that there is a mad rush to fly out for a break this Holy Week. Scammers are constantly on standby looking for people who would fall prey to their crimes.

“We’ve seen time and time again how scammers capitalize on people’s eagerness to travel as well as their desire to travel affordably,” said Steven Scheurmann, regional vice president, ASEAN, at Palo Alto Networks. “The travel industry is especially attractive for scammers as it is a huge source of sensitive and personal data, including stolen usernames, emails, and passwords, as well as customer data such as identity, payment, and contact information, which means both travelers and travel companies need to be very cautious.”

Palo Alto Networks enhances UnionBank’s security infrastructure
Palo Alto Networks bolsters SaaS applications security

According to Palo Alto Networks, some of the most common travel-related scams include:

  • The use of malicious domains and URLs that impersonate well-known brands and websites. 
  • Phishing emails/SMS/WhatsApp texts to end users to trick them into either downloading malicious attachments or APK files or clicking on links that lead to malicious website pages or attachments. Threat actors use themes that invoke a sense of urgency (such as outstanding invoices) or emotional appeal to the end users with homecoming-themed emails).
  • Offering a “shadow travel agency” service, they would reach out to travelers through various social media platforms, providing travel-related bookings at heavily discounted prices. While travelers transfer clean money to the “shadow travel agency,” the “shadow travel agency” pays the actual service providers, such as hotels or airlines, with stolen payment information. Due to the time gap in payment processing, service providers only realize they have been defrauded when they see the disputed card transactions or chargebacks weeks or months later. 

Security awareness

Meanwhile, organizations must implement security awareness training to improve employees’ ability to identify fraudulent emails, ensure that their organization’s data is regularly backed up as a defense against ransomware attacks initiated via phishing emails, enforce multi-factor authentication on all business-related logins as an added layer of security, and implement an end-to-end cybersecurity solution that allows for advanced URL filtering that detects unknown, newly malicious URLs quickly, identifies known samples as malware, and tracks related malware activities. 

“Scammers and attacks may affect the individual traveler, major travel corporations, as well as small travel agents and operators, which means everyone needs to stay vigilant in implementing ways to avoid these threats,” Scheurmann said. “As Filipinos travel to celebrate Holy Week and spend time with their families, they must also remain aware and cautious of malicious actors to stay safe amid the holidays.”