{"id":13350,"date":"2019-05-29T06:08:41","date_gmt":"2019-05-29T10:08:41","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/travel-phishing\/13350\/"},"modified":"2020-03-26T17:01:34","modified_gmt":"2020-03-26T13:01:34","slug":"travel-phishing","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/travel-phishing\/13350\/","title":{"rendered":"Learn how to spot travel phishing"},"content":{"rendered":"<p>Summer\u2019s coming, and that means vacation season is on its way. A lot of people are looking through travel websites in search of interesting places to go, cheap places to stay, and tickets at interesting prices. And, as usual, scammers are eager to give them what they are looking for \u2014 sort of.<\/p>\n<p>In addition to <a href=\"https:\/\/www.kaspersky.com\/blog\/protect-your-vacation\/22352\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">the usual tactics scammers use to rob you<\/a> while you\u2019re looking forward to having a nice vacation, these travel tricks are worth knowing before you start planning your next trip. In this post we\u2019ll dig into some details and talk about how malefactors try to trick excited folks into believing they\u2019re on a genuine travel website. All of these methods were spotted in the wild by Kaspersky Lab\u2019s researchers during late April and early May, and you can thwart them all with three simple best practices.<\/p>\n<h2>1. Look at the address bar\n<\/h2><p>The most common advice on protection against phishing is to use simple vigilance, but still, if cybercriminals manage to create a really impressive looking clone of the original website, a lot of people forget this simple step and don\u2019t look at the URL to see what website they\u2019re actually on. And malefactors know how to make us unwary.<\/p>\n<p>For example, take a look at this sweet deal: a nice cozy apartment for just \u20ac14 a day. Interesting, huh? And the site looks as if it\u2019s really Airbnb.com. 
The design, the comments from different people describing their pleasant time at the apartment and being so pleased with the host \u2014 everything looks so real. Anything you\u2019d expect to find on Airbnb, you\u2019ll find here.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/05\/29182515\/travel-phishing-airbnb1.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/05\/29182515\/travel-phishing-airbnb1.jpg\" alt=\"\" width=\"972\" height=\"1160\" class=\"aligncenter size-full wp-image-13353\"><\/a><\/p>\n<p>Except it\u2019s not Airbnb. It\u2019s a fake. If you look at the URL in the address bar, you\u2019ll see something like this: <em>abnb63213491.byethost8.com\/rooms\/7858853<\/em>. Doesn\u2019t look like airbnb.com, does it?<\/p>\n<p>The scam <a href=\"https:\/\/www.kaspersky.com\/blog\/airbnb-landlordz-scam\/26926\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">usually goes as follows<\/a>: After a short conversation the \u201chost\u201d will ask you to send a certain amount of money to reserve the apartment for you. Once you do that, they stop responding.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/05\/29182525\/travel-phishing-airbnb2.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/05\/29182525\/travel-phishing-airbnb2.jpg\" alt=\"\" width=\"972\" height=\"1383\" class=\"aligncenter size-full wp-image-13355\"><\/a><\/p>\n<p>How do people usually get to pages such as this one? Similar offers can be found in spam e-mails, in messaging apps, and in social networks. Sometimes, they pop up in ads on search engines or social networks.<\/p>\n<p>By the way, even though scammers invest quite some time in creating such convincing website clones, they are still mostly lazy. 
Here\u2019s another example of a phishing Airbnb page, and you may notice that comments here are left by the very same \u201cguests\u201d as on the previous page. Once you know that, it\u2019s tough to take these pages seriously.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/05\/29182533\/travel-phishing-airbnb3.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/05\/29182533\/travel-phishing-airbnb3.jpg\" alt=\"\" width=\"972\" height=\"926\" class=\"aligncenter size-full wp-image-13357\"><\/a><\/p>\n<h3>2. Look closer: Tricky letters<\/h3>\n<p>Now let\u2019s take a look at another site, also neatly designed and resembling a real one. Now that you know to look at the URL first, you can do that. The first thing you should notice is that the URL seems to include booking.com, but the site looks as if it belongs to another travel giant, Expedia. But, OK, perhaps one of them bought the other one or something else happened \u2014 it\u2019s not your job to keep track of travel mergers, after all. You\u2019re just here to get a good deal on plane tickets or a place to stay.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/05\/29182541\/travel-phishing-booking.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/05\/29182541\/travel-phishing-booking.jpg\" alt=\"\" width=\"972\" height=\"528\" class=\"aligncenter size-full wp-image-13359\"><\/a><\/p>\n<p>But take a closer look at the URL, especially at the letters in the word <em>booking<\/em>. Notice those weird symbols below the letters <em>k, i, n<\/em> and <em>g<\/em>? That\u2019s not dirt on your screen or a computer glitch. In fact, these are different letters. 
They\u2019re part of the Latvian alphabet \u2014 and yes, boo\u0137\u012f\u0146g.com and booking.com are completely different websites. <\/p>\n<p>So, a quick glance at the URL may not be enough to spot the phish. You need to look closely; scammers really love using alternative alphabets to disguise phishing page URLs. To be sure, click on the lock at the left of the address bar and choose \u201cShow certificate\u201d to take a look at who the site\u2019s real owner is.<\/p>\n<h3>3. Look twice: URL shorteners<\/h3>\n<p>Another tactic scammers employ to try to fool you is using URL shorteners. Say you see a link somewhere advertising cheap rentals or discounts on airline tickets, and the link looks shortened. Thanks to Twitter, we\u2019re all used to shortened URLs, and links beginning with t.co or goo.gl don\u2019t surprise us at all. We treat those links as legitimate. So why should we worry about links beginning with, say, <em>twixar.me<\/em> or <em>tinyurl.com<\/em> \u2014 these certainly look like the results of using yet another shortener.<\/p>\n<p>And they are, but you should never trust shortened URLs. If you click on a shortened link, you always have to check where exactly it brought you. Shortened links aren\u2019t necessarily malicious, but they can be. You could end up on a fake Expedia page like the one below, where you will be prompted to enter your login and password for Expedia (for instant transfer to cybercriminals). 
Oh, and in this case the fake page also asks for your e-mail password, which you should never, ever enter anywhere but your e-mail provider\u2019s website or e-mail apps.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/05\/29182553\/travel-phishing-expedia1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/05\/29182553\/travel-phishing-expedia1.png\" alt=\"\" width=\"972\" height=\"566\" class=\"aligncenter size-full wp-image-13361\"><\/a><\/p>\n<p>As for Airbnb accounts, malefactors like to steal them for later use in money laundering. They use your account to offer places to stay and other accounts to pay for those stays, making the money appear to have been legitimately earned. <\/p>\n<h3>4. Bonus: Detecting travel spam<\/h3>\n<p>One of the easiest ways to lure people to phishing pages is to send them very convincing messages. And that\u2019s what criminals do. The problem is, it may be hard to realize that the message from yet another airline company is a fake one. Looking into the \u201csender\u201d field doesn\u2019t give you much, as the e-mail protocol allows you to send mail from any address. The content may be thoroughly copied from the original mailing of the same airline.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/05\/29182605\/travel-phishing-airline-scam.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2019\/05\/29182605\/travel-phishing-airline-scam.png\" alt=\"\" width=\"856\" height=\"481\" class=\"aligncenter size-full wp-image-13363\"><\/a><\/p>\n<p>What gives the malefactors away is the link address. They want you to land on a website, and so they have to direct you there with a link or a button. 
But if you hover your cursor over that link, the URL\u2019s destination address will appear (in the bottom left corner of your browser or e-mail app, for example). And since you\u2019ve read the rest of this post, you know what to look for.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksc-trial-generic\">\n<h3>Tips to spot travel phishing<\/h3>\n<p>Now that you know the tricks scammers use to fool you, you can stay on the safe side and avoid their phishing nets. Let\u2019s quickly sum up a few short tips on how not to fall for phishing (you can <a href=\"https:\/\/www.kaspersky.com\/blog\/phishing-ten-tips\/10550\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">read more about protection from phishing in general in this post<\/a>):<\/p>\n<ul>\n<li>If an offer seems too good to be true, it probably is. Best to avoid it.<\/li>\n<li>Carefully look at the address bar before entering any sensitive information such as your login and password. If something is wrong with the URL (it\u2019s misspelled, doesn\u2019t look like the original or uses some special symbols instead of letters), don\u2019t enter anything on such sites. When in doubt, check the certificate of the site by clicking on the lock icon to the left of the URL.<\/li>\n<li>Book your stay and tickets only on trusted websites of trusted providers, ideally typing the address of their website manually in the address bar.<\/li>\n<li>Don\u2019t click on links coming from unknown sources (be it in e-mails, messaging apps, or social networks).<\/li>\n<li>If you see a giveaway from a travel company or an airline either in e-mail or on social media, visit the business\u2019s official website to confirm the giveaway actually exists. Also, carefully check the links the giveaway ad leads you to.<\/li>\n<li>Use a good security solution that can protect you from spam and phishing. 
We recommend <a href=\"https:\/\/me-en.kaspersky.com\/premium?icid=me-en_bb2022-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">Kaspersky Premium<\/a>.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>No matter how good malefactors are at pretending to be the real deal, you can still spot travel phishing if you know these three simple rules.<\/p>\n","protected":false},"author":246,"featured_media":13351,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[1737,1474,76,131,633],"class_list":{"0":"post-13350","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-advice","9":"tag-accounts","10":"tag-phishing","11":"tag-tips","12":"tag-travel"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/travel-phishing\/13350\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/travel-phishing\/15821\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/travel-phishing\/17730\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/travel-phishing\/15875\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/travel-phishing\/14632\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/travel-phishing\/18532\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/travel-phishing\/17371\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/travel-phishing\/22795\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/travel-phishing\/27078\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/travel-phishing\/11788\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/travel-phishing\/11898\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/travel-phishing\/10790\/"},{"hreflang":"de","url":"https:\/
\/www.kaspersky.de\/blog\/travel-phishing\/19348\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/travel-phishing\/23311\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/travel-phishing\/18427\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/travel-phishing\/22655\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/travel-phishing\/22605\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/phishing\/","name":"phishing"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13350","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/246"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=13350"}],"version-history":[{"count":15,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13350\/revisions"}],"predecessor-version":[{"id":16209,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13350\/revisions\/16209"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/13351"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=13350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=13350"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=13350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}