Vulnerabilities / Threats

12/22/2017
02:18 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Hit the Cyber Underground for the Hottest Travel Deals

You can get everything from inexpensive flights and hotels to fake passports in the cyber underground, says Trend Micro.

Have a hankering to see the world but don't have the budget for it? Not to worry.

People who are not averse to bending a few rules—okay, breaking them—have plenty of options for low-cost travel and holidaying courtesy of a thriving underground market for illegally obtained travel services.

Cybercriminals, never ones to miss an opportunity to make a quick buck, have assembled an impressive portfolio of travel options paid for using stolen credit cards, hacked loyalty program accounts, and fraudulent redemption of coupons, discounts, and free offers, says Trend Micro.

The security vendor took a look at the cybercriminal underground and found services offering everything from deeply discounted airfares, hotel rooms, car rentals, and cab fares to fraudulent travel documents and passport modification services.

For example, a Los Angeles based traveler wishing to see a soccer game at the 2018 FIFA World Cup can get a round trip ticket to Moscow for $500—about 50% off the actual price—and pay another $60 to get a hotel for two nights, at about 60% off the regular price.

A Madrid-based couple could show their two kids a magical time at a Disney World Resort in Orlando for two days for a mere $1,100. The price would include round-trip airfare tickets for the four, two rooms at a Walt Disney resort and four park-hopper tickets to all four Disney World parks—each of which alone would otherwise go for $170 for adults. For around $240, a Moscow resident could get a round trip flight and two-day stay at Santorini in Greece, and for about $300 more, visit the Great Wall in China.

"Stolen credit cards are being used to pay for these travel services," says Jon Clay, director of global threat communications at Trend Micro. "By using a stolen credit card to buy plane tickets, it’s free for the criminal, so they can offer it at a discount to others.

In other instances, hackers employ credential stealing to hack into and take control of a loyalty account to buy something. "If it is a plane ticket or hotel room, they would purchase it under a name they have identification for, like a fake passport," Clay says. For prices ranging from roughly $120 to $365, an individual can purchase loyalty accounts for posh five-star hotels and redeem the points in them for free nights and other goodies.

Another scam involves fraudulently using corporate accounts to get discounted hotel rates. Because hotels typically ask individuals who claim a corporate discount for their ID, underground services are available that sell fake corporate ID cards bearing the names of some of the most recognizable multinational entities.

Criminals, using things like compromised mobile devices or someone else's breached Uber account, are able to offer cab rides and ride-shares in major cities at a fraction of the regular cost, Clay says.

Trend Micro also discovered numerous underground sites and forums offering fraudulent documents for travelers. Among them was one Russian operator offering blank and fully filled Ukrainian passports from between $1,500 and $1,600. The vendor also uncovered passport modification services at prices ranging between $510 and $1,100.

Clay says Trend Micro estimates such fraud is costing the travel industry billions in losses. The airline and hotel industry alone are losing potentially $1 billion each from cyber-related fraud, he says.

"Considering the amount of money being lost to this type of fraud, it seems like this is a crime that is not well-detected," Clay says. There are numerous instances of fraudsters being caught when trying to use illegally obtained flight tickets, hotel bookings and other travel services. "But the numbers overall show that this is a successful method for criminals," Clay says.

Related content:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Sara Peters, Senior Editor at Dark Reading,  4/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.