In this Help Net Security video, Aaron Walton, Threat Intel Analyst at Expel, discusses travel scams.
For the past 18 months, the Expel SOC team has observed a campaign targeting administrative credentials for Booking.com. The attackers create phishing emails and fraudulent duplicate websites to steal usernames and passwords from hotel staff. Once the credentials are stolen, the attackers use these accounts to request payment from travelers. Booking.com suggests using MFA to prevent such attacks, but it isn’t enough.
Walton expects that these specific criminals will continue innovating to circumvent MFA. These criminals have teams whose sole purpose is to create fake websites and email accounts to send emails. They certainly can innovate further and up their game. MFA alone won’t cut it—these specific problems need to be solved with technology and collaboration.
Technology can mitigate many of these attacks, but collaboration is essential. Organizations can block and detect new and look-alike domains using existing tools like internet gateways, taking responsibility off the end-user to recognize the suspicious domains.
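As an added illustration (not from the video or from Expel's tooling), here is a minimal look-alike check of the kind a gateway or log pipeline could run on requested hostnames. The allowlist, the small confusables map, the log layout and the `.example` hostnames are constructed assumptions.

```python
import re

BRAND = "booking"            # second-level label of the protected domain
LEGIT = {"booking.com"}      # registrable domains treated as genuine (assumption)
# Tiny digit-for-letter map for illustration; real tables are much larger.
CONFUSABLES = str.maketrans("0135", "oles")

def registrable(host):
    # Naive "last two labels"; production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    # Levenshtein distance with a rolling row.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return why host resembles the brand, or None if it does not."""
    host = host.lower().rstrip(".")
    if registrable(host) in LEGIT:
        return None
    for token in re.split(r"[.-]", host.translate(CONFUSABLES)):
        if BRAND in token:
            return "brand string outside the brand's domain"
        if edit_distance(token, BRAND) == 1:
            return "one edit away from brand"
    return None

def scan(log_lines):
    """Return (host, reason) pairs for flagged hosts in 'time client host' lines."""
    return [(h, r) for h in (l.split()[2] for l in log_lines) if (r := classify(h))]

# Constructed gateway log lines; .example names are reserved and not real sites.
SAMPLE_LOG = [
    "2024-05-01T09:00:01Z 10.0.0.5 admin.booking.com",
    "2024-05-01T09:00:07Z 10.0.0.5 booking.com.partner-login.example",
    "2024-05-01T09:01:12Z 10.0.0.9 b00king-extranet.example",
    "2024-05-01T09:02:30Z 10.0.0.9 bookinq.example",
    "2024-05-01T09:03:44Z 10.0.0.7 cooking.example",   # benign, but one edit away
    "2024-05-01T09:04:02Z 10.0.0.7 www.example.org",
]

if __name__ == "__main__":
    for host, reason in scan(SAMPLE_LOG):
        print(f"{host}: {reason}")
```

The `cooking.example` hit shows why edit-distance matches are better routed to analyst review or an allowlist than blocked outright.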
It’s also possible to detect and stop the registration and creation of these websites before they’re leveraged, but real disruption depends on more collaboration. Whether the actors are using AI isn’t particularly important here: how the internet works alone provides plenty of avenues for defenders to identify, slow, or stop these threat actors.
Companies should continue to collaborate to solve the problem of travel scams with technology rather than leaving the responsibility to consumers.