Travelling Scam-free in the Asia Pacific
by Sandra Lee, Managing Director, Greater China, Southeast Asia & Korea, Sophos
(September 14, 2023) As the days of COVID and closed borders are seemingly behind us, many people have caught a different kind of bug – the travel bug. Years of restricted travel have led to a surge in travel demand now that borders are open, and online travel agencies (OTAs) are reaping the benefits. Travelers too are benefiting from the convenience of organizing their travel online; however, it might not all be smooth sailing.
To facilitate travel, online travel platforms need to collect and store a considerable amount of sensitive personal data from their customers, such as credit card information, passport details, billing addresses, full names, phone numbers, etc. This cornucopia of personally identifiable information (PII) makes them a prime target for cybercriminals.
While OTAs need to have the right protections in place to secure this information, travelers should also be aware that there are many scams circulating to capitalize on the current surge in wanderlust, offering deals that really are too good to be true.
Travel Scams Across the APAC Region
According to Trafficguard (Marketech APAC, 2023), fraud activities have flooded the online travel market, with bots now comprising up to 80% of all invalid traffic for travel advertisers. This surge of cyber threats in the sector can be attributed to significant phishing scams:
1 – Fake travel websites/social media profiles
Fake travel websites leverage sophisticated tactics such as pop-up and online advertisements to entice customers to their website. Similarly, social media profiles are easily impersonated by professional scammers who mimic local travel agencies and sell non-existent travel deals through a fake social media page.
2 – Bogus third-party OLTP webpages
Although OLTP gateways are typically protected by encryption and two-factor authentication, customers should always be extra vigilant to ensure the site they are visiting is legitimate. Scammers will attempt to lure targets away from trusted OTA websites by offering attractive but unrealistically low prices on travel packages and purchases on their fake website. Once a customer fills out their sensitive personal information, scammers will steal this information to use for other means such as identity or financial theft.
There was a recent example of this in Singapore, where a phishing scam was used to successfully steal a victim’s personal information from a third-party website. On the fake OLTP webpage, the victim was guided to fill in their personal details via a false confirmation text message for a fake hotel reservation. In the end, the victim lost approximately US$8,800 (The Straits Times, 2023).
Protecting Customers from Cyber Threats
Travel phishing scams are occurring more frequently in Hong Kong, Singapore and Malaysia, due to the vast number of people looking to travel again. As the number of online scams across the travel industry continues to rise, businesses need to take the relevant steps to protect their customers and themselves.
OLTP gateways are the backbone of the online travel industry, so strengthening their cybersecurity defences is key.
Next-generation cybersecurity technology combined with regular backups, practiced data recovery from backups and maintaining an up-to-date incident response plan help to ensure businesses’ cybersecurity efforts remain up to date, and ready in case of attack. Additionally, businesses should consider 24/7 threat detection, investigation and response solutions, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider.
To protect customers, continual education and awareness of the right cybersecurity practices and risk factors are important. For example, a fictitious travel agency website can be easily identified when you are aware of the common characteristics of a fake website. Such sites typically have URLs with country-specific top-level domains (such as ".eu," ".ru," ".ua") and sometimes display inactive icons (for example, "AppStore" or "Google Play").
Basic knowledge on the signs of a potential phishing attack will help customers maintain good security hygiene and reduce the chances of falling victim to travel scams. Constant updates including tips and practices to remain vigilant will benefit both the travel industry and travelers.
Businesses should also look to work together in the fight against travel scams. Spreading awareness throughout the industry will ensure more customers remain protected and reduce the effectiveness of travel scams expanding across APAC. If OTAs discover a travel scam or a fraudulent website, notifying other OTAs and reporting the scam to government agencies like Singapore’s ScamShield will allow for greater awareness of cyberthreats and ensure customers are alerted faster.
In Hong Kong, the Security Bureau (SB) has set up a dedicated task force to coordinate follow-up action with relevant law enforcement agencies to aid in scam or fraud cases. In addition, if OTAs are suspicious of potential scams, they can also verify them on the Cyberdefender website built by the local police force by filling in details such as email address, phone number, platform account, or payment account.
With borders now reopened, ‘safe travels’ means more than just physical safety, and travel providers must ensure the online safety of customers by mitigating the influx of travel scams taking advantage of the world’s new sense of freedom. By implementing a strong cybersecurity stance, maintaining cyber hygiene and educating travelers about the current threats, OTAs will help customers travel safely in 2023.