Heading into the Eid al-Fitr celebrations, Kuala Lumpur acting police chief Datuk Yahaya Othman has estimated 1 million citizens will be leaving the capital for vacation during one of the most celebrated seasons in Malaysia. With this many people travelling at the same time, fierce competition is expected for travel tickets, bookings, and good deals through online travel agents and apps.
Meanwhile, scammers see this as an opportunity to be exploited, particularly through social engineering and phishing. Responding to this, Palo Alto Networks, a leader in cybersecurity, shares insights and solutions to address this increasing cyber risk during the Hari Raya period.
“We’ve seen time and time again how scammers capitalise on people’s eagerness to travel as well as their desire to travel affordably,” said Steven Scheurmann, Regional Vice President, ASEAN, at Palo Alto Networks. “The travel industry is especially attractive for scammers as it is a huge source of sensitive and personal data, including stolen usernames, emails, and passwords, as well as customer data such as identity, payment, and contact information, which means both travellers and travel companies need to be very cautious.”
According to Palo Alto Networks, some of the most common travel-related scams include:
- The use of malicious domains and URLs that impersonate well-known brands and websites.
- Phishing emails, SMS messages, and WhatsApp texts that trick end users into downloading malicious attachments or APK files, or into clicking on links that lead to malicious web pages or attachments. Threat actors use themes that invoke a sense of urgency (such as outstanding invoices) or that appeal emotionally to end users (such as homecoming-themed emails as we approach Eid).
- “Shadow travel agency” services, in which scammers reach out to travellers through various social media platforms and offer travel-related bookings at heavily discounted prices. While travellers transfer clean money to the “shadow travel agency,” the “shadow travel agency” pays the actual service providers, such as hotels or airlines, with stolen payment information. Due to the time gap in payment processing, service providers only realise they have been defrauded when they see the disputed card transactions or chargebacks weeks or months later.
As we approach the Eid al-Fitr season, individuals and organisations need to understand the best practices to protect themselves from these travel-related cyber threats. Palo Alto Networks highlighted the importance of taking precautionary measures as early as possible.
Individuals need to exercise caution when clicking on any links or attachments contained in suspicious emails, especially those relating to one’s account settings or personal information or otherwise trying to convey a sense of urgency; verify the sender’s address for any suspicious emails in their inbox; double-check the URL and security certificate of each website before inputting their login credentials; and report suspected phishing attempts.
Meanwhile, organisations must implement security awareness training to improve employees’ ability to identify fraudulent emails, ensure that their organisation’s data is regularly backed up as a defense against ransomware attacks initiated via phishing emails, enforce multi-factor authentication on all business-related logins as an added layer of security, and implement an end-to-end cybersecurity solution that allows for advanced URL filtering that detects unknown, newly malicious URLs quickly, identifies known samples as malware, and tracks related malware activities.
“Scammers and attacks may affect the individual traveller, major travel corporations, as well as small travel agents and operators—which means everyone needs to stay vigilant in implementing ways to avoid these threats. As Malaysians get ready to travel back home to enjoy togetherness with close relatives, they always need to be aware and cautious to protect themselves,” closed Steven.