Kaspersky warns against credential theft involving termination benefit schemes
In 2022, the travel segment recorded a growth of 32.1% compared to July 2021 and the expectation is that the school holidays this half of the year will follow the growth. With this level, many cybercriminals take advantage of it to apply scams involving steps.
One of the most common attacks is the theft of miles, where scammers activate fraudulent messages that simulate airline websites and reservation services to steal victims’ credentials, obtain their points/miles and then sell them.
From free tickets to websites that imitate airlines or book accommodation, criminals use alleged promotions to trick victims. In 2022, hosting services received 1.3 million false or fraudulent reviews in 2022, 4.4% of all reviews submitted.
How common scams work
In one of the examples of airline ticket scams circulating in Brazil, the victim has to enter his CPF and password to access the fake website, at which point the credentials are stolen. After gaining access to the account, the scammers transfer the benefit points/miles and monetize the scam by selling them.
If the victim does not notice the account hijacking and continues to transfer perk points to the program, the scammer will continue to steal perks indefinitely.
“Criminals take advantage of special dates to make their tactics more truthful. However, attacks can be prevented if the user remains vigilant, from logging into the ticket-purchase website to paying for the monthly service. It’s important to control what you access and where you enter your personal information because, with fraud updates, you can’t be too careful,” comments Anderson Leite, security analyst at Kaspersky in Brazil.
Expert advice on security matters
To stay protected as you plan your vacation and book securely, Kaspersky experts recommend:
- • Beware of very tempting offers! Search the address bar carefully before entering any sensitive information, such as your login details and password. If something is wrong with the URL (such as a spelling mistake or the use of special symbols for letters) do not enter any data into the site. If in doubt, check the website’s certificate by clicking the lock icon to the left of the URL.
- • If you have an account with Airbnb, Booking.com or another booking site, you will probably book through them. In any case, be careful not to lose access to your account. Use a strong password (Kaspersky Password Manager can help you) and enable two-factor authentication if available.
- • Simply book your stay and tickets through websites with reputable providers. If necessary, manually enter your website address in the address bar.
- • Do not click on links that come from unknown sources (via email, messenger applications or social networks).
- • If you become aware of a sweepstakes posted through email or social media, please visit the company’s official website to confirm the existence of the sweepstakes. You should also carefully check the links that the sweepstakes announcement brings to you.
- • Take care of your password and, when registering for miles programs, create a unique and exclusive password for this site, not reusing it elsewhere.
- • Use an asset security solution which can protect you from spam emails and phishing attacks.
HOMEWORK inspires transformation in the world of work, in business, in society. Created by Compasso, a content and connection agency.
Source: Terra
Rose James is a Gossipify movie and series reviewer known for her in-depth analysis and unique perspective on the latest releases. With a background in film studies, she provides engaging and informative reviews, and keeps readers up to date with industry trends and emerging talents.
