Malicious actors are making use of popular cloud-based services to host travel-related malware and phishing websites.
After more than a year of scatter periods of border restrictions and travel closures, countries confident of their high vaccination rates have been starting to relax their border policies to allow more vaccinated tourists into their economies.
On the dark side, opportunistic cybercriminals are responding to the travel industry’s recovery—by increasing the output of travel-themed phishing emails and malicious links.
According to one of its co-authors, Anna Chung, cybercriminals are always on the hunt for ways to trap potential victims by using social engineering to exploit hot trends. Now they are seeking to exploit peoples’ strong desire to resume travel once they have met the virus-safety guidelines of their travel destination.
The report documents how registration of travel-themed phishing URLs have climbed with the increasing availability of COVID-19 vaccines. Cybercriminals have used Google’s Firebase application development platform to host malicious websites designed to harvest login credentials, steal payment data and distribute malware from travel industry employees and customers.
In response, as soon as Unit 42 reported fraudulent sites impersonating a vacation rental marketplace, upscale hotel chains, airlines and other travel companies, Google has shut down the scams.
According to the research unit, individuals and businesses can block attacks with the following cyber hygiene best practices:
- Remain vigilant: never click on links or attachments in suspicious emails
- Learn how to verify a website URLs and security certificates before entering login credentials
- Become proficient at identifying fraudulent emails
- Use multi-factor authentication so that cyber criminals will not be able to use stolen credentials to access business accounts
The report also discussed how Unit 42 worked with Dropbox to stop the use of dozens of malicious travel-related documents to infect victims.