Cybercriminals try to steal victims’ credentials to use or sell points in benefit programs
Kaspersky researchers have seen an increase in scams during the holiday season, using travel promotions as bait. In Brazil, cybercriminals use the massive launch of fraudulent (phishing) messages that aim to take Internet users to fake pages, which simulate airline websites and booking services to steal victims’ credentials, obtain their points / miles and subsequently sell them.
The security company also points out that these sites are getting better and better and some even show details of actual flights to convey more authenticity to the victims.
How does this scam work?
In an example of a scam circulating in Brazil, Kaspersky experts explain that the victim will have to provide CPF and password to access the (fake) website. This is where credentials are stolen. Once they have access to the account, the scammers will transfer the bonus points / miles and monetize the scam when they sell them.
Another action performed by the criminals is the exchange of the email and phone number registered in the original system: this makes it difficult for the victim to recover the account. Finally, the scammers will try to access other services with the stolen password, and if the victim reuses the same code on other sites, the damage will be greater.
Kaspersky experts still warn others ramifications of the coup. If the victim does not notice the account hijacking and continues to transfer the benefit points to the program, the scammer will continue to steal the benefits / miles. This can happen when the Internet user does not frequently consult your points.
“Cybercrime is increasingly complex and criminals are exploiting seasonality to make their tactics more truthful for users of different types of services,” said Fabio Assolini, director of Kaspersky’s Global Research and Analysis Team for Latin America. “Nevertheless, attacks can be avoided if the user remains alert, from accessing the ticket purchase site to monthly payment for the service. It is important to check what you are accessing and where you put your personal information because, with updates on fraud, there is little care. “
Experts give safety advice
To stay safe while planning your vacation, Kaspersky experts recommend:
- • Look carefully in the address bar before entering any sensitive information, such as your login details and password. If something is wrong with the URL (such as incorrect spelling or use of special symbols instead of letters) do not enter data on the site. If in doubt, check the site certificate by clicking the lock icon to the left of the URL.
- • Book your stay and tickets only through websites with trusted suppliers. If necessary, manually enter your website address in the address bar.
- • Do not click on links from unknown sources (via email, messaging app or social network).
- • If you are aware of a sweepstakes posted via email or social media, please visit the company’s official website to confirm that the sweepstakes exists. You should also carefully check the links the sweepstakes announcement takes you to.
- • Take care of your password and, when registering for frequent flyer programs, create a unique and exclusive password for this site, not reusing it elsewhere.
- • Use a good security solution that can protect you from spam emails and phishing attacks, such as Kaspersky Security Cloud.
!
Source: Terra
Benjamin Smith is a fashion journalist and author at Gossipify, known for his coverage of the latest fashion trends and industry insights. He writes about clothing, shoes, accessories, and runway shows, providing in-depth analysis and unique perspectives. He’s respected for his ability to spot emerging designers and trends, and for providing practical fashion advice to readers.
