As the unofficial summer travel season is underway, many people will be busy with upcoming travel plans. Threat actors will also be busy performing reconnaissance, exploiting vulnerabilities, and capitalizing on travel websites and accounts. They continue to create spoofed travel website domains or attempt to exploit and compromise legitimate travel websites or accounts. Threat actors deceive potential victims using social engineering tactics, such as impersonation, phishing, pretexting, or creating urgency. Travel fraud can appear as manipulated destination photos, fake confirmation links, irresistible offers, or discounted travel.
The NJCCIC’s email security solution detected multiple spam campaigns sent to New Jersey State employees. One of these campaigns appears to be from a travel and expense management website that claims to find the lowest prices on flights, hotels, and car rentals. These unsolicited communications typically push unwanted advertising, collect personally identifiable information (PII), steal funds, or distribute malware.
In a separate campaign, threat actors compromised a travel savings card website and emailed potential victims to book their next getaway using their travel savings balance. The subject line specifies that their travel savings balance is available. Other subject lines in this campaign reference “summer is calling,” “beach vacations booking fast,” “deals you don’t want to miss,” and “new month, new deals!” The threat actors attempt to convince their targets to click the “Login Now” button, which directs users to a landing page that prompts them to log in using their Google account credentials. Further analysis indicates this campaign includes stealer malware to exfiltrate credentials and data.
Additionally, the proliferation of artificial intelligence (AI) threatens the travel industry. In 2024, travel was the most attacked industry by advanced bots, accounting for 27 percent of all bot attacks, up from 21 percent in 2023. Threat actors can create and deploy malicious bots, create spoofed websites, generate fake reviews and articles, craft sophisticated phishing emails, exploit vulnerabilities, hijack accounts, and exfiltrate data. They have increasingly created fraudulent websites that impersonate official government pages for passports, visas, and TSA PreChecks. Travelers are at risk of fraud, misinformation, and malicious intent when planning or managing trips and itineraries; therefore, they should remain vigilant and employ cybersecurity best practices to help protect themselves from identity theft, financial loss, and disrupted travel.