Highlights:
- Check Point Research (CPR) warns about online phishing scams related to summer vacations
- 1 in every 33 new summer vacation-related domains registered in the previous month of May was malicious or suspicious
- CPR provides examples of vacation-related scams and tips on how to remain vigilant during the hot season
As the summer season approaches, many of us are eagerly planning our long-awaited vacations, impatiently anticipating moments of relaxation and adventure. However, amidst the excitement of booking flights and accommodations, it’s crucial to remain vigilant against the rising tide of cyber threats targeting vacationers. While we eagerly anticipate our time away, cybercriminals are also preparing, exploiting the vulnerabilities of holiday planning to launch phishing scams and deploy malicious websites aimed at stealing personal information.
Summer Vacation Cyber Threats: Beware Deceptive Domains
In May 2024, Check Point Research (CPR) detected a significant surge in summer-related cyber scams, highlighting the need for travelers to stay informed and proactive in safeguarding their personal information. Specifically, the number of newly created domains related to holidays or vacations rose significantly compared to the same period last year. Out of the 25,668 new domains registered, one out of every 33 was found to be either malicious or suspicious.
Exercise caution regarding vacation approval processes.
CPR has identified various malicious domains, including sites like booking-secure928[.]com, hotel-housekeeper[.]com, and agodabooking[.]top. These websites impersonate well-known travel brand websites and are designed to deceive users into inputting their login credentials, potentially leading to personal information theft.
agodabooking[.]top
Additionally, be wary of phishing emails disguised as legitimate communications from trusted companies. For instance, one phishing campaign observed in May 2024 involved an email with the subject “Booking.com Invoice 3255753442” sent from the deceptive email address “noreply@b00king[.]biz”. The email contained a PDF attachment called “Invoice-3255753442.pdf”. When opened, the file does not appear to render properly (see image below): it displays a notice that the reader is not supported and then redirects to a malicious website (cloudflare-ipfs[.]com/ipfs/QmZYCr9qyyq2UwPfDvDMyiNGedAsGLgphvaNReTTBMCRiS). As a decoy, this URL redirects the user to the main page of the legitimate Booking website while displaying a URL path that appears to be connected to the file (booking[.]com/#lnvoice-3255753442.pdf). During this time, two malicious JavaScript files are downloaded to the machine (see image below). They contact another known malicious website (mainhotel5may[.]blogspot[.]com//////////////////////hehehehebeen), from which there is evidence of AgentTesla malware being downloaded (e.g. JavaScript file, md5:fffee7bcbf8f724b68d02ebe0c5a133b).
Invoice-3255753442.pdf
Redirect to Booking.com while downloading two malicious JS files
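The lookalike patterns in the indicators above (a brand name embedded in an unrelated domain, and digits standing in for letters as in b00king[.]biz) can be screened for in mail or proxy logs. The following Python code is an added example, not Check Point's own; the OFFICIAL allowlist, the character-swap table and the function names are assumptions made for illustration.

```python
import re

# Assumption: illustrative allowlist of brand -> official registrable domains.
OFFICIAL = {"booking": {"booking.com"}, "agoda": {"agoda.com"}}

# Digit-for-letter swaps, such as the "00" in b00king.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def host_of(indicator: str) -> str:
    """Refang an indicator and reduce an e-mail address or URL to its host."""
    value = indicator.strip().lower().replace("[.]", ".")
    value = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value)  # drop the scheme
    value = value.split("/", 1)[0]                        # drop the path
    return value.rsplit("@", 1)[-1].split(":", 1)[0]      # drop user and port


def classify(indicator: str):
    """Return (verdict, brands) for a sender address, URL or bare domain."""
    host = host_of(indicator)
    # Simplification: the last two labels are treated as the registrable
    # domain; production code should consult the Public Suffix List.
    registrable = ".".join(host.split(".")[-2:])
    for brand, domains in OFFICIAL.items():
        if registrable in domains:
            return "official", [brand]
    name = host.rsplit(".", 1)[0]  # every label except the TLD
    embedded = sorted(b for b in OFFICIAL if b in name)
    if embedded:
        return "brand-embedded", embedded
    folded = name.translate(CONFUSABLES)
    swapped = sorted(b for b in OFFICIAL if b in folded)
    if swapped:
        return "character-swap", swapped
    return "no-brand-match", []


# Defanged indicators quoted in the article, plus one constructed benign URL.
SAMPLES = [
    "booking-secure928[.]com",
    "agodabooking[.]top",
    "noreply@b00king[.]biz",
    "hotel-housekeeper[.]com",
    "https://www.booking.com/index.html",  # constructed sample
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:40} {classify(sample)}")
```

hotel-housekeeper[.]com comes back as no-brand-match: names built only from generic travel words need reputation or threat-intelligence data rather than string matching.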
To protect yourself from such threats:
- Verify website authenticity by checking for HTTPS in the URL and looking for trust indicators such as padlock symbols or site seals. Avoid entering personal information on websites with suspicious URLs or those with misspellings.
- Exercise caution with emails, even those seemingly from reputable sources. Be wary of unexpected attachments or requests for personal information. When in doubt, contact the company directly using contact information from their official website instead of clicking on links in the email.
- Stay informed about the latest cyber security threats and scams by following reputable cyber security blogs, subscribing to security newsletters, and participating in online forums or communities where cyber security professionals share insights and advice.
- Use comprehensive security software such as antivirus and anti-malware programs to regularly scan your devices for threats. Keep these programs updated with the latest definitions to ensure they can detect and prevent new forms of malware.
As you embark on your summer adventures, prioritize your cyber security to ensure a safe and worry-free vacation experience. By remaining vigilant and proactive, you can minimize the risk of falling victim to cyber scams and enjoy your vacation with peace of mind.