Hit the Cyber Underground for the Hottest Travel Deals You can get everything from inexpensive flights and hotels to fake passports in the cyber underground, says Trend Micro.
Have a hankering to see the world but don't have the budget for it? Not to worry.
People who are not averse to bending a few rules—okay, breaking them—have plenty of options for low-cost travel and holidaying courtesy of a thriving underground market for illegally obtained travel services.
Cybercriminals, never ones to miss an opportunity to make a quick buck, have assembled an impressive portfolio of travel options paid for using stolen credit cards, hacked loyalty program accounts, and fraudulent redemption of coupons, discounts, and free offers, says Trend Micro.
The security vendor took a look at the cybercriminal underground and found services offering everything from deeply discounted airfares, hotel rooms, car rentals, and cab fares to fraudulent travel documents and passport modification services.
For example, a Los Angeles based traveler wishing to see a soccer game at the 2018 FIFA World Cup can get a round trip ticket to Moscow for $500—about 50% off the actual price—and pay another $60 to get a hotel for two nights, at about 60% off the regular price.
A Madrid-based couple could show their two kids a magical time at a Disney World Resort in Orlando for two days for a mere $1,100. The price would include round-trip airfare tickets for the four, two rooms at a Walt Disney resort and four park-hopper tickets to all four Disney World parks—each of which alone would otherwise go for $170 for adults. For around $240, a Moscow resident could get a round trip flight and two-day stay at Santorini in Greece, and for about $300 more, visit the Great Wall in China.
"Stolen credit cards are being used to pay for these travel services," says Jon Clay, director of global threat communications at Trend Micro. "By using a stolen credit card to buy plane tickets, it’s free for the criminal, so they can offer it at a discount to others.
In other instances, hackers employ credential stealing to hack into and take control of a loyalty account to buy something. "If it is a plane ticket or hotel room, they would purchase it under a name they have identification for, like a fake passport," Clay says. For prices ranging from roughly $120 to $365, an individual can purchase loyalty accounts for posh five-star hotels and redeem the points in them for free nights and other goodies.
Another scam involves fraudulently using corporate accounts to get discounted hotel rates. Because hotels typically ask individuals who claim a corporate discount for their ID, underground services are available that sell fake corporate ID cards bearing the names of some of the most recognizable multinational entities.
Criminals, using things like compromised mobile devices or someone else's breached Uber account, are able to offer cab rides and ride-shares in major cities at a fraction of the regular cost, Clay says.
Trend Micro also discovered numerous underground sites and forums offering fraudulent documents for travelers. Among them was one Russian operator offering blank and fully filled Ukrainian passports from between $1,500 and $1,600. The vendor also uncovered passport modification services at prices ranging between $510 and $1,100.
Clay says Trend Micro estimates such fraud is costing the travel industry billions in losses. The airline and hotel industry alone are losing potentially $1 billion each from cyber-related fraud, he says.
"Considering the amount of money being lost to this type of fraud, it seems like this is a crime that is not well-detected," Clay says. There are numerous instances of fraudsters being caught when trying to use illegally obtained flight tickets, hotel bookings and other travel services. "But the numbers overall show that this is a successful method for criminals," Clay says.
Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio