Vulnerabilities / Threats

12/22/2017
02:18 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Hit the Cyber Underground for the Hottest Travel Deals

You can get everything from inexpensive flights and hotels to fake passports in the cyber underground, says Trend Micro.

Have a hankering to see the world but don't have the budget for it? Not to worry.

People who are not averse to bending a few rules—okay, breaking them—have plenty of options for low-cost travel and holidaying courtesy of a thriving underground market for illegally obtained travel services.

Cybercriminals, never ones to miss an opportunity to make a quick buck, have assembled an impressive portfolio of travel options paid for using stolen credit cards, hacked loyalty program accounts, and fraudulent redemption of coupons, discounts, and free offers, says Trend Micro.

The security vendor took a look at the cybercriminal underground and found services offering everything from deeply discounted airfares, hotel rooms, car rentals, and cab fares to fraudulent travel documents and passport modification services.

For example, a Los Angeles based traveler wishing to see a soccer game at the 2018 FIFA World Cup can get a round trip ticket to Moscow for $500—about 50% off the actual price—and pay another $60 to get a hotel for two nights, at about 60% off the regular price.

A Madrid-based couple could show their two kids a magical time at a Disney World Resort in Orlando for two days for a mere $1,100. The price would include round-trip airfare tickets for the four, two rooms at a Walt Disney resort and four park-hopper tickets to all four Disney World parks—each of which alone would otherwise go for $170 for adults. For around $240, a Moscow resident could get a round trip flight and two-day stay at Santorini in Greece, and for about $300 more, visit the Great Wall in China.

"Stolen credit cards are being used to pay for these travel services," says Jon Clay, director of global threat communications at Trend Micro. "By using a stolen credit card to buy plane tickets, it’s free for the criminal, so they can offer it at a discount to others.

In other instances, hackers employ credential stealing to hack into and take control of a loyalty account to buy something. "If it is a plane ticket or hotel room, they would purchase it under a name they have identification for, like a fake passport," Clay says. For prices ranging from roughly $120 to $365, an individual can purchase loyalty accounts for posh five-star hotels and redeem the points in them for free nights and other goodies.

Another scam involves fraudulently using corporate accounts to get discounted hotel rates. Because hotels typically ask individuals who claim a corporate discount for their ID, underground services are available that sell fake corporate ID cards bearing the names of some of the most recognizable multinational entities.

Criminals, using things like compromised mobile devices or someone else's breached Uber account, are able to offer cab rides and ride-shares in major cities at a fraction of the regular cost, Clay says.

Trend Micro also discovered numerous underground sites and forums offering fraudulent documents for travelers. Among them was one Russian operator offering blank and fully filled Ukrainian passports from between $1,500 and $1,600. The vendor also uncovered passport modification services at prices ranging between $510 and $1,100.

Clay says Trend Micro estimates such fraud is costing the travel industry billions in losses. The airline and hotel industry alone are losing potentially $1 billion each from cyber-related fraud, he says.

"Considering the amount of money being lost to this type of fraud, it seems like this is a crime that is not well-detected," Clay says. There are numerous instances of fraudsters being caught when trying to use illegally obtained flight tickets, hotel bookings and other travel services. "But the numbers overall show that this is a successful method for criminals," Clay says.

Related content:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
7 Ways to Keep DNS Safe
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Locked device, Ha! I knew there was another way in.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-15137
PUBLISHED: 2018-07-16
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
CVE-2017-17541
PUBLISHED: 2018-07-16
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
CVE-2018-1046
PUBLISHED: 2018-07-16
pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow ...
CVE-2018-10840
PUBLISHED: 2018-07-16
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
CVE-2018-10857
PUBLISHED: 2018-07-16
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.