In the EMEA region, including Turkey, package vacation bookings increased by 27 percent compared to the previous year, while air ticket sales increased by 36 percent in the first three months of 2023. As vacation spending increases, it is an important fact that there is an increase in phishing attacks that disguise themselves as travel brands to steal money and personal data. A new analysis of travel-related phishing attacks by Anna Chung, principal researcher at Unit 42, the intelligence unit of global cybersecurity leader Palo Alto Networks, predicts that such cybercrime attacks will be much higher than last year, with phishing attacks in the same region peaking in April 2023 and doubling in December 2022.
Anna Chung, who advises law enforcement officials in Europe on cybercrime activity, explained how vacationers are being targeted:
"The most common phishing attempts involve fraudsters posing as well-known brands and service providers. This makes the scam more successful because users may mistake such phishing sites for the official websites of the service providers. In addition to exposing people to risks such as financial loss, data leakage or account compromise, such attacks can also damage the reputation of travel service providers. On the other hand, it should be emphasized that the pressure on travel service providers is high this year. We observe that fake travel companies operating on the Dark Web and other underground marketplaces are extremely active. These scammers often offer people hotel reservations, car rentals, and air tickets/tours at huge discounts of up to 60 percent. Many of them use well-known travel booking sites for these services and pay with stolen information.''
Given the upward trend of phishing attacks in 2023, travelers and the travel industry continue to be a lucrative target for fraudsters, Chung said, underlining that everyone, including the travel industry, should be vigilant due to the development of AI-powered phishing tools and techniques, and advised those looking for vacation opportunities:
"Be cautious when clicking on links or attachments in any suspicious email messages, including those related to a person's account settings or personal information, or those with a sense of urgency. Verify the sender's address in suspicious emails in your inbox. Double-check the URL and security certificate of each website before entering your login credentials. Report any attempts you suspect are phishing attacks.''