Cyber crime in travel – no longer just about the money
ThreatMetrix recently analysed more than a billion web transactions taking place in the travel and entertainment industries.
The company’s “deep dive” into the pair makes for sobering reading, not least as the digital proliferation of the tourism sector shows no sign of slowing – in fact, with restaurants and attractions coming on stream – almost in another wave of travel-related digital activity – there is scope for further cybercrime issues to grow and evolve.
ThreatMetrix says the recent run of data breaches in the travel industry, in particular, shows there is still an educating required to understand of “how stolen identities are used in order to differentiate between fraudulent and authentic activity”.
“Cybercriminals attempt to use stolen identities for activity such as credit card fraud, phishing and online transactions – and often sell stolen identities to underground crime rings.
“Shared global intelligence acts as a kind of personal digital guardian that works to keep consumers’ identities protected against getting burned by fraudsters, both in the busy summer months and year round.”
So why the latest cause for concern?
ThreatMetric analysed a range of areas and disciplines where cyber crime can intersect with billions of transactions.
The report says:
“Device spoofing is the biggest attack vector in this space driven by fraudsters trying to delete and change browser settings in order to change their device identity or fingerprint, or attempt to appear to come from a victim’s device.
“With over six billion user identities compromised since 2013, spoofing or impersonation attacks are growing across the globe. Identity spoofing continues to be the biggest attack vector in regions where organized identity verification tools are not as prevalent.”
Handheld devices are considered more secure than desktops, ThreatMetrix says, but apps make the mobile or tablet more vulnerable.
Cyber criminals are beginning to create fraudulent apps that look authentic to the everyday consumer.
These then contain malware and, of course, give the fraudsters access to a consumer’s personal details.
Both fraudsters and “dishonest establishments” have realised that there is an opportunity (and money to made) for gaming the reviewing systems that have become an intrinsic part of the online travel experience.
ThreatMetrix reckons that an operating with a single device can write 150 reviews in an hour on different sites using the same email address, whereas another method is to use a bot so that one device can produce ten reviews in an hour but from multiple email addresses.
A new area of focus for cyber criminals is around access to loyalty programmes and membership schemes.
This is because they often have a high monetary or resale value attached to them, especially with airline and hotel point schemes.
One particular tactic is to access the account, transfer the loyalty points and make mileage transactions or book trips.
Kevin is senior editor and a co-founder at Tnooz. He was previously editor of UK-based magazine Travolution and web editor of Media Week UK from 2003 to 2005.
He has worked in regional newspapers (Essex Enquirer) and started his career at the Police Gazette at New Scotland Yard in London. He has a degree in criminology, a postgraduate diploma in magazine journalism and publishes his first book - a biography about Depeche Mode - in early-2017.