Temperatures are rising and the days are getting longer, which means it is that time of the year again: summer vacations. Whether you are planning a relaxing beach getaway, an adventurous road trip, or exploring a new city, summer holidays offer a much-needed break from the daily routine. Unfortunately, cybercriminals think so too, and as many of us prepare for a break from the day job, they are gearing up for play.
Malicious new domain related to summer vacation
In May 2023, the period running up to summertime, 29,880 new domains related to holidays or breaks were created. This represents a 23% YoY increase compared with the same period last year, when 24,367 new domains were created. Of those websites that went live, 1 in every 83 were either malicious or suspicious.
Be wary of who’s approving your vacation
Our researchers also observed several phishing campaigns. One of these was an email allegedly sent from “(the name of the target’s company) Director of Human Resources” with the subject “(the name of the target’s company) Submittal – for – vacations – approval – announcement.”
The email is a fake announcement from the Director of Human Resources regarding the annual and summer open vacation plan for the year 2023. It provides information about vacation days, weekends, office closures for public holidays and terminated employees.
To enter this list, the victim needs to click on the malicious link: mail\.matchs\.best which mimics a legitimate Microsoft login page and is intended to steal the victim’s credentials.
How Phishing Works
The basic premise of a phishing attack is a message sent by email, social media, or other electronic communication means.
A phisher may use public resources, such as social networks, to collect background information about the personal and work experience of their target. These sources are used to gather information such as the potential target’s name, job title, and email address, as well as interests and activities. The phisher can then use this information to create a reliable fake message.
Typically, the emails appear to be from a known contact or organization and contain malicious attachments, or links to malicious websites. Attackers often set up fake websites that appear to be owned by a trusted entity like a bank, workplace, or university. Through these websites, attackers attempt to collect private information like usernames and passwords, or payment information.
Some phishing emails can be easy to spot due to poor copywriting and improper use of fonts, logos, and layouts. However, many cybercriminals are becoming more sophisticated at creating authentic-looking messages, and using professional marketing techniques to test and improve the effectiveness of their emails. Generative AI has given hackers and low-skilled cybercriminals the tools to craft the perfect code and email copy that could dupe even the most suspicious recipient.
When the compensation lures you to click
In our second example, we observed phishing emails that mimiced the airline company TAP Air Portugal. The email was sent from no-reply@flytap\.com with the subject “Flight delay compensation EUR 135”
The contact of the phishing emails is trying to lure the target into clicking on a malicious link in a claim, informing the victim that, as their last flight with TAP Portugal was delayed, they are entitled to compensation. The email contains this malicious site: green\.poc\.mk – which mimics the company site and steals the target’s credentials.
Staying protected against the next phishing attack
At a time when everyone is eager to book their holidays, consumers need to be especially cautious. Here are some top tips to keep cyber safe this summer:
- Always buy from an authentic and reliable source: Before making a purchase, it’s important to authenticate the site you are using to make the purchase. Instead of following a link sent through on email or text message, go directly to the retailer by searching for them on your selected browser and locating the promotion directly. Those extra few steps will ensure you are not clicking on any fraudulent links, and you can make your purchase with confidence.
- Be alert to similar domain names: Many scam websites will often use a domain name similar to the brand they are trying to replicate, but with additional letters or misspellings. To ensure that you are not handing over your banking information to scammers, pay attention to the URLs to check if there anything usual or unfamiliar. By taking a minute to look for tell-tale signs that a website may be fraudulent, you can quickly determine its legitimacy.
- Look for ‘too good to be true’ offers: Phishing scams often promise extremely good discounts on popular holiday packages. If you receive an offer that does appear to be too good to pass up, don’t rush to buy it before it sells out. Chances are it is a scam. Instead, check that the seller is authentic by checking other websites to see if they are offering similar discounts.
- Always look for the padlock: A quick way to see whether a website is secure is to look at whether the URL start with HTTPS. This is an indicator it is compliant with international security standards, and it is usually partnered with a padlock to reflect this. If these are missing, then it’s a strong indication the website is fraudulent and should be avoided.
- Use endpoint security: While we do see an uplift in scam emails during the holiday season, phishing emails are used by cybercriminals all year round. That’s why everyone should be looking to implement email security solutions to prevent them landing in our inboxes in the first place.