Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services. Or a fraudster will use your personal information to receive health care in your name, and a scammer tricking individuals into paying for fake travel opportunities or services.
These are some cases of travel scam and identity theft which remain a major concern especially now that technology continues to evolve, providing scammers ways to use more sophisticated techniques to steal identity, personal information, and money. As a leisure seeker, you may be taking time off, but you can be sure cybercriminals won’t take a break. While traveling, you may encounter scams, and theft of identity that expose your personal data, devices, and online privacy in danger.
Vacation is a time for pleasure and relaxation, but for some, it can be a source of stress or trauma as victims of identity theft or “hijack scam” while away from home. In the past, travelers needed to be vigilant against the physical harm or assault inflicted by thieves or snatchers. Today, the threat landscape is evolving. While adversaries continue to leverage some classic techniques, criminals are now more trained and need not resort to physical contact to rob. They operate using the latest technologies to evolve their tactics into sophisticated strategies in executing targeted attacks.
METHODS SCAMMERS USED
Identity theft and travel scams are executed through various methods, according to Adrian Hia, managing director of Asia-Pacific at Kaspersky. These can be in the form of phishing, where criminals send fraudulent emails or messages to trick users into divulging personal information like credit card numbers and passport details. Identity thieves hack into one’s personal account, hijacking one’s data and taking over one’s online identity to commit fraudulent acts or crimes.
Scammers may also install computer viruses and worms or embed them in emails and disseminate more phishing emails to other people. Other than emails, phishing may be done in various methods such as text messages, chat rooms, electronic fake banner advertisements or message boards, fake mailing lists, fake job search sites and job offers, and fake browser toolbars.
Hia mentioned that fraudsters use skimming devices at Automated Teller Machines (ATMs) and Point-of-Sale (POS) machines to steal card information, and create fake travel websites offering unrealistically low prices to deceive users into providing payment details.
Hia also divulged another common tactic used by scammers. This technique involves unauthorized scanning of Radio Frequency Identification (RFID) – enabled items like credit cards and passports, allowing criminals to steal sensitive information without direct contact. Criminals use portable readers, often referred to as “skimmers,” to scan RFID tags remotely without the victim’s awareness. This allows them to capture personal data, including credit card numbers and expiration dates, without physically accessing the victim’s wallet or purse.
Social media networks can also facilitate identity theft in several ways. According to Hia, when users share too much personal information such as full names, birthdates, addresses, or travel plans, it becomes easier for cyber criminals to gather the details needed to impersonate them. Additionally, scammers can use phishing links disguised as legitimate posts or messages to trick users into providing sensitive information. Furthermore, the public accessibility of data on social media profiles can be exploited by identity thieves to answer security questions or bypass account protections.
Fraudsters often conduct travel scams by creating fake websites or sending phishing emails that appear to offer great deals on airline tickets, accommodations, and vacation packages. These sites and emails, according to Hia, are designed to look legitimate, luring users into providing their personal and financial information. They also use social engineering techniques to gain access to profiles, tricking individuals into sharing passwords or other sensitive data, he said.
IDENTITY THEFT AS TOP FINANCIAL CRIME CONCERN
Computer-related identity theft is a serious cyber crime. Results from the survey conducted by global analytics software firm FICO showed concerns about identity theft persist among Filipino respondents, with over 23% citing it as their top financial crime concern. This was followed by having a bank account taken over by a fraudster at 16%, their credit or debit card being stolen and used (13%), their cash being stolen (8%), and fake online retailers and fake advertisement tricking them into buying goods that never arrive (6%).
In a hijack profile scam, hackers gain unauthorized access to a social media account through phishing or social engineering tactics which is a violation of Sections on Illegal Access, Computer-related Fraud, and Computer-related Identity Theft of Republic Act 10175 or the Cybercrime Prevention Act of 2012. Once they get personal information of their targets, it enables them to commit identity fraud or fraudulently obtain goods or services.
RA 10175 penalizes any person found guilty of Computer-related Identity Theft with imprisonment of prision mayor ranging from six to 12 years, or a fine of at least PhP200,000 up to an amount corresponding to the damage incurred, or both penalties combined.
TRAVEL-RELATED SCAMS
The travel industry, on the other hand, is a source of sensitive and personal data, including stolen usernames, emails, and passwords, as well as customer data such as identity, payment, and contact information which is why it is so attractive to scammers.
Tech firm Palo Alto Networks relayed some of the most common travel-related scams, including the use of malicious domain and URLs that impersonate well-known brands and websites. Another form of travel scam is Phishing emails/SMS/WhatsApp texts to end users to trick them into either downloading malicious attachments or APK files or clicking on links that lead to malicious website pages or attachments. Threat actors use themes that invoke a sense of urgency or emotional appeal to end users.
Apart from these, fraudsters offer a “shadow travel agency” service where they reach out to travelers through various social media platforms, providing travel-related bookings at heavily discounted prices. While travelers transfer clean money to the “shadow travel agency,” the “shadow travel agency” pays the actual service providers, such as hotels or airlines, with stolen payment information. Due to the time gap in payment processing, service providers only realize they have been defrauded when they see the disputed card transactions or chargebacks weeks or months later.
PROTECTIONS AGAINST SCAMMERS
While criminals use various technologies to steal sensitive information, cybersecurity firms emphasize the full protection of data from scammers. At Kaspersky, according to Hia, they emphasize the importance of safeguarding RFID-enabled items like credit cards and passports by using RFID-blocking wallets or cases, which prevent unauthorized scanning. Moreover, they recommend regularly monitoring financial accounts and using cybersecurity solutions to protect against phishing and malware threats, ensuring your personal and financial data remains secure.
Kaspersky also advises travelers to be cautious and always book trips through trusted and reputable sources to avoid falling victim to scams. Always verify the authenticity of travel deals, website URLs and email addresses.
To avoid or reduce the risk of falling victim to travel scams and identity theft, Hia advises consumers to avoid clicking on links from unsolicited emails and use strong, unique passwords for all accounts and enable two-factor authentication to add an extra layer of security. He also said it is crucial to exercise discretion and not be fooled by offers that seem too good to be true such as fairy-tale low prices or promise of some attractive giveaways.
He also recommends users to install reliable antivirus with built-in protection against online fraud and phishing on their devices.
Security firms continuously innovate to stay ahead of emerging threats, ensuring that their users are protected no matter where they are. For instance, Kaspersky has a new flagship product, called Kaspersky Next, which integrates advanced Artificial Intelligence (AI)-driven technologies to detect and neutralize threats in real-time, offering unparalleled security for user’s digital presence.
Those who will go on a vacation to spend time with families and relatives must be aware and cautious of malicious actors to stay safe. They should stay vigilant in implementing ways to avoid threats.
