Air travel is the fastest and most convenient way to reach our destination. However, the Federal Bureau of Investigation (FBI) has released a circular warning air travelers about the rising number of scams surrounding this mode of transportation. In its report, the FBI noted growing complaints of identity theft and unauthorized purchases stemming from recent airline ticket bookings.
Cybersquatting and Social Engineering Schemes in the Airline Industry
Reports say that perpetrators imitate legitimate airline websites on domains they control, mostly with addresses that differ from the real one by just a single character, to deceive victims into making their bookings there. This lets them capture sensitive information, including name, date of birth, contact number and, worst of all, bank account details. With this information, perpetrators were able to make online money transfers and purchases at the expense of the victim's account.
The report adds that these controlled domains are also injected with malware and spyware that can steal information such as browsing history, credentials, app listings, photos, and contacts. Once a victim is infected, the perpetrators can also compromise social media accounts, but they focus mainly on bank and bitcoin transactions.
Payload and Distribution
Some evidence also indicates that IoT devices installed in airports are said to be infected by bot malware, turning them into spies that look out for possible victims, record information, and send it to the perpetrators. Evidence shows that even WiFi connectivity at airports is targeted: there are reports of travelers being redirected to these malicious actors' controlled domains after connecting to the public WiFi of some airports.
According to statistics prepared by the FBI, almost 96% of airline companies were targeted by domain parody used to spread malicious activity that mainly focuses on the financial aspect. The public, not only frequent travelers, should therefore be more cautious and vigilant when transacting online. They should always scrutinize the addresses they are accessing and transact only on the legitimate website of the company they are dealing with. If possible, they should avoid making transactions over unsecured networks and apply a high level of credential security to prevent their accounts from being compromised. Lastly, if possible, call your financial institution if you observe suspicious or unauthorized transactions on your bank accounts; otherwise, your hard-earned money will be lost into thin air.
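The address check recommended above can be automated. The following is an added example, not code from the FBI report or from this article: it flags hosts that sit one character edit away from a known airline domain, or that use the real name as a prefix of another domain. The domains in `LEGIT_DOMAINS` and the sample URLs are constructed placeholders, and the function names are assumptions of this example.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Constructed allowlist for illustration; replace with the airlines you actually use.
LEGIT_DOMAINS = ("bluesky-airways.example", "northwind-air.example")

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = [], list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent characters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_host(url: str, max_distance: int = 1) -> Tuple[str, Optional[str]]:
    """Return (verdict, matched legitimate domain) for the host part of a URL."""
    if "//" not in url:
        url = "//" + url  # let urlsplit treat a bare host as a network location
    labels = (urlsplit(url).hostname or "").lower().rstrip(".").split(".")
    for legit in LEGIT_DOMAINS:
        k = legit.count(".") + 1
        if ".".join(labels[-k:]) == legit:
            return "legitimate", legit  # exact domain or one of its subdomains
    for legit in LEGIT_DOMAINS:
        k = legit.count(".") + 1
        if osa_distance(".".join(labels[-k:]), legit) <= max_distance:
            return "lookalike", legit  # registered name is one edit away
        if len(labels) > k and ".".join(labels[:k]) == legit:
            return "lookalike", legit  # real name used as prefix of another domain
    return "unknown", None

if __name__ == "__main__":
    # Constructed sample URLs, not taken from any report.
    for sample in ("https://www.northwind-air.example/booking",
                   "https://northw1nd-air.example/booking",
                   "https://northwind-air.example.pay.test/login"):
        print(sample, "->", classify_host(sample))
```

A verdict of `unknown` only means the host is not close to any listed domain; it is not a statement that the site is safe.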