Fyde Resources

World Cup, Vacation scams lead in phishing trips this summer

Written by Fyde | Jun 6, 2018 1:00:00 PM

Summer is one of the traditional seasons of scamming, and this summer is shaping up to be a hot one on that front, with active campaigns swirling around supposed ‘security incidents,’ vacation bookings and, of course, the World Cup.

Scammers, for instance, recently targeted Booking.com customers via WhatsApp messages and texts asking them to change their passwords in the wake of a supposed security breach. These were, of course, all phishing lures designed to steal their sensitive financial information.

Booking.com told the Sun newspaper in the UK that the attack correspondence was fully outfitted with booking information. The attackers, it said, likely compromised the systems of hotels to find out details like customers’ names, addresses, phone numbers, dates and prices of bookings and reference numbers.

The malefactors then followed up with a second message demanding full payment for holidays and asking for bank information to process it.

Sinan Eren, CEO at Fyde Security, told us that there are fresh trends in phishing trips this season, including a move away from email to new communication mediums.

‘An interesting development in this new Booking.com campaign is that attackers shifted to text and instant messaging due to lack of robust security and spam filters on those systems,’ Eren told Threatpost. ‘Mobile carriers’ SMS gateways are legacy systems that do not have any modern detection and remediation capabilities. It is rather easy and cheap to open a Twilio or Nexmo account with a stolen credit card and send out text messages to millions of smartphones in a short amount of time. These messaging API providers only react retroactively and shut down accounts once the fraudulent nature of the campaign is reported at volume.’

Further, he noted that instant messaging protocols such as WhatsApp are peer-to-peer by design, so they can only offer very rudimentary controls for detecting scams.

Read the full article at Threatpost