As temperatures rise and the days grow longer, many of us start planning our much-needed summer vacations. Unfortunately, cybercriminals are also gearing up to exploit these vacation plans through a variety of online scams1. This article will delve into the world of online summer scams, how they operate, and share some valuable tips on how you can protect yourself.
According to recent reports by Check Point Research (CPR), there has been a concerning rise in online phishing scams related to summer vacations. Specifically, CPR found that 1 in every 83 new summer vacation-related domains registered in the previous month were either malicious or suspicious1.
In May 2023 alone, 29,880 new domains related to holidays or breaks were created, representing a 23% year-over-year increase. Of these new domains, approximately 1.2% were identified as being malicious or suspicious1.
Online fraudsters use a variety of methods to execute their scams, with phishing being one of the most common. One example of this is an email scam where the sender poses as the Director of Human Resources from the target’s company. The email subject is designed to appear official, such as “Company Name – Vacation Approval Announcement”. It provides information about vacation days, public holidays, and even terminated employees. The email includes a malicious link that mimics a legitimate Microsoft login page, with the intention to steal the victim’s credentials1.
But how does phishing work? Cybercriminals send messages via email, social media, or other electronic communication methods, often impersonating a known contact or organization. They may use public resources, such as social networks, to collect background information about their targets, including names, job titles, and email addresses, as well as interests and activities. They then use this information to create a convincing fake message.
The emails typically contain malicious attachments or links to malicious websites. Attackers often set up fake websites that appear to be owned by a trusted entity, like a bank or workplace, in an attempt to collect private information like usernames, passwords, or payment information. While some phishing emails can be easy to spot due to poor copywriting and improper use of fonts, logos, and layouts, many cybercriminals are becoming more sophisticated at creating authentic-looking messages1.
In a second example, the scammers sent phishing emails mimicking the airline company TAP Air Portugal. The email informs the recipient that their last flight with TAP Portugal was delayed, and they are entitled to compensation. The email contains a malicious link that mimics the company’s official site and is designed to steal the recipient’s credentials1.
So how can you stay protected against these summer scams? Here are some tips:
- Always buy from an authentic and reliable source: Before making a purchase, ensure you authenticate the site you’re using. Instead of following a link sent through an email or text message, search for the retailer directly on your browser and locate the promotion directly. This simple step will ensure you’re not clicking on any fraudulent links.
- Be alert to similar domain names: Many scam websites use domain names similar to the brand they’re trying to replicate, but with additional letters or misspellings. Pay attention to the URLs to ensure you’re not handing over your banking information to scammers1.
Summer vacations are a time to relax and unwind. However, the rise in online scams related to vacations is a sobering reminder that we need to remain vigilant. By understanding how these scams work and implementing a few simple protective measures, you can ensure that your summer vacation remains a safe and enjoyable experience.