Vulnerabilities / Threats

12/22/2017
02:18 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Hit the Cyber Underground for the Hottest Travel Deals

You can get everything from inexpensive flights and hotels to fake passports in the cyber underground, says Trend Micro.

Have a hankering to see the world but don't have the budget for it? Not to worry.

People who are not averse to bending a few rules—okay, breaking them—have plenty of options for low-cost travel and holidaying courtesy of a thriving underground market for illegally obtained travel services.

Cybercriminals, never ones to miss an opportunity to make a quick buck, have assembled an impressive portfolio of travel options paid for using stolen credit cards, hacked loyalty program accounts, and fraudulent redemption of coupons, discounts, and free offers, says Trend Micro.

The security vendor took a look at the cybercriminal underground and found services offering everything from deeply discounted airfares, hotel rooms, car rentals, and cab fares to fraudulent travel documents and passport modification services.

For example, a Los Angeles based traveler wishing to see a soccer game at the 2018 FIFA World Cup can get a round trip ticket to Moscow for $500—about 50% off the actual price—and pay another $60 to get a hotel for two nights, at about 60% off the regular price.

A Madrid-based couple could show their two kids a magical time at a Disney World Resort in Orlando for two days for a mere $1,100. The price would include round-trip airfare tickets for the four, two rooms at a Walt Disney resort and four park-hopper tickets to all four Disney World parks—each of which alone would otherwise go for $170 for adults. For around $240, a Moscow resident could get a round trip flight and two-day stay at Santorini in Greece, and for about $300 more, visit the Great Wall in China.

"Stolen credit cards are being used to pay for these travel services," says Jon Clay, director of global threat communications at Trend Micro. "By using a stolen credit card to buy plane tickets, it’s free for the criminal, so they can offer it at a discount to others.

In other instances, hackers employ credential stealing to hack into and take control of a loyalty account to buy something. "If it is a plane ticket or hotel room, they would purchase it under a name they have identification for, like a fake passport," Clay says. For prices ranging from roughly $120 to $365, an individual can purchase loyalty accounts for posh five-star hotels and redeem the points in them for free nights and other goodies.

Another scam involves fraudulently using corporate accounts to get discounted hotel rates. Because hotels typically ask individuals who claim a corporate discount for their ID, underground services are available that sell fake corporate ID cards bearing the names of some of the most recognizable multinational entities.

Criminals, using things like compromised mobile devices or someone else's breached Uber account, are able to offer cab rides and ride-shares in major cities at a fraction of the regular cost, Clay says.

Trend Micro also discovered numerous underground sites and forums offering fraudulent documents for travelers. Among them was one Russian operator offering blank and fully filled Ukrainian passports from between $1,500 and $1,600. The vendor also uncovered passport modification services at prices ranging between $510 and $1,100.

Clay says Trend Micro estimates such fraud is costing the travel industry billions in losses. The airline and hotel industry alone are losing potentially $1 billion each from cyber-related fraud, he says.

"Considering the amount of money being lost to this type of fraud, it seems like this is a crime that is not well-detected," Clay says. There are numerous instances of fraudsters being caught when trying to use illegally obtained flight tickets, hotel bookings and other travel services. "But the numbers overall show that this is a successful method for criminals," Clay says.

Related content:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8939
PUBLISHED: 2019-02-19
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.
CVE-2019-8935
PUBLISHED: 2019-02-19
Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter.
CVE-2019-3812
PUBLISHED: 2019-02-19
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
CVE-2019-8933
PUBLISHED: 2019-02-19
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on ...
CVE-2019-7629
PUBLISHED: 2019-02-18
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.