In this Help Net Security video, Aaron Walton, Threat Intelligence Analyst at Expel, discusses travel scams.
Over the past 18 months, the Expel SOC team has observed attacks targeting Booking.com’s administrative credentials. Attackers create phishing emails and fake, cloned websites to steal usernames and passwords from hotel staff. The stolen accounts are then used to request payments from travelers. Booking.com recommends using MFA to prevent these attacks, but this alone is not enough.
Walton expects these criminals will continue to innovate to get around MFA. These criminals have teams whose sole purpose is to create fake websites and email accounts to send emails. They can undoubtedly innovate further and increase their capabilities. MFA alone is not enough. These particular problems must be solved through technology and collaboration.
Technology can mitigate many of these attacks, but collaboration is essential: organizations can use existing tools, such as internet gateways, to block and detect new and similar domains, rather than placing the responsibility of identifying suspicious domains on end users.
It is possible to detect and block the registration or creation of these websites before they are exploited, but true disruption requires more coordination. Whether or not attackers are using AI is not particularly important here; the way the internet works alone provides defenders with ample means to identify, slow, and stop actors behind these threats.
Companies must continue to work together to leverage technology to solve the problem of travel fraud, rather than leaving the onus on consumers.
