Netizens need to be vigilant of travel scams during the festive holiday season

Travel scams during festive seasons have always been on the rise as cybercriminals and scammers look to make the most out of victims. The risks for holiday goers are never ending unfortunately.

In Malaysia, this Eid al-Fitr, Datuk Yahaya Othman (Kuala Lumpur Acting Police Chief) estimates that one million citizens will be leaving the capital for vacation during one of the most celebrated seasons in Malaysia.

The travel boom signals fierce competition for travel tickets and bookings, as well as good deals through online travel agents and apps. It’s the perfect breeding ground for scammers waiting for an opportunity to exploit this demand, particularly through social engineering and phishing.

“We’ve seen time and time again how scammers capitalize on people’s eagerness to travel as well as their desire to travel affordably,” says Steven Scheurmann, Regional Vice President, ASEAN, at Palo Alto Networks.

“The travel industry is especially attractive for scammers as it is a huge source of sensitive and personal data, including stolen usernames, emails, and passwords, as well as customer data such as identity, payment, and contact information, which means both travelers and travel companies need to be very cautious.”

In the US, a similar problem arises when consumers shop online during the festive season. According to the Federal Bureau of Investigation, thousands of people become victims of holiday scams each year when shopping online.

Two common cybercrimes during this period are non-delivery and non-payment. In a non-delivery scam, a buyer pays for goods or services they find online but never receives these items. Conversely, a non-payment happens when a seller doesn’t pay for goods or services that are being shipped.

These crimes are costly. The Internet Crime Complaint Center’s (IC3) 2021 report revealed that non-payment or non-delivery scams cost people more than US$337 million. Credit card fraud accounted for another US$173 million in losses.

For those traveling during this festive period, Palo Alto Networks has noted the following scams you should look out for during this festive period:

• Malicious domains and URLs: Scammers can use these to impersonate well-known brands and websites such as AirAsia, Scoot, IndiGo, and more.
• Phishing emails/SMS/WhatsApp texts to end users: They are used to trick users into downloading malicious attachments or APK files. Alternatively, scammers may prompt users to click on links leading to malicious website pages or attachments. Look out for themes that invoke a sense of urgency (such as outstanding invoices) or emotional appeal with homecoming-themed emails.
• “Shadow travel agency” service: These agencies would reach out to travelers through various social media platforms and provide travel bookings at heavily discounted prices. While travelers transfer clean money to these agencies, they pay the actual service providers, such as hotels or airlines, with stolen payment information.

What can you do to protect yourself against cyber threats and travel scams during the festive season?

Palo Alto Networks highlighted the importance of taking preventive measures as early as possible.

Individuals should exercise caution when clicking on any links or attachments contained in suspicious emails — especially those related to a user’s account setting or content attempting to convey a sense of urgency.

The world’s cybersecurity leader said that users should verify the sender’s address for any suspicious emails in their inbox and double-check the URL and security for each website before inputting their login credentials. If there are any phishing attempts, they should report it immediately.

Meanwhile, organizations should implement security awareness training to improve employees’ ability to identify fraudulent emails. Companies should also regularly back up the organization’s data as a means to defend themselves and their employees against ransomware attacks initiated via phishing emails.

Multi-factor authentication on business-related logins adds a layer of security and an end-to-end cybersecurity solution allows for advanced URL filtering that quickly detects unknown malicious URLs, identifies known samples as malware, and tracks related malware activities.

“Scammers and attacks may affect the individual traveler, major travel corporations, as well as small travel agents and operators—which means everyone needs to stay vigilant in implementing ways to avoid these threats,” Scheurmann explains.

“As Malaysians get ready to travel back home to enjoy togetherness with close relatives, they always need to be aware and cautious to protect themselves.”

---

---

---