Travellers beware: Hackers are after your information

Cyber criminals look to monetise frequent-flier miles and other rewards

Frequent fliers get all the perks--and all the attention from cyber criminals, apparently. United Airlines, American Airlines, and Park-n-Fly have all reported breaches in the past few days, pointing to an emerging trend of attacks targeted specifically at travelers.

Travelers can be an easy mark for cyber criminals, because they're inherently off-guard and in unfamiliar situations. "Consumers may be somewhat easy targets, as we often cut corners protecting ourselves, fueled potentially by an urgency to complete tasks, travel-related stressors, and sleep deprivation," explained Trey Ford, global security strategist for Rapid7. "Given these considerations, consumers have a tendency to favor time-saving behaviors like password re-use, while stress, distraction and exhaustion raise our susceptibility to phishing campaigns."

Travelers and travel-related companies and programs are particularly valuable targets, too. Individuals who are vigilant about guarding and monitoring bank and credit card information may not consider things like frequent flier miles to be worthy of heightened security. Those miles and customer rewards, however, do have value and can be traded for goods and services. They offer cyber criminals an easier target than banks and credit cards, while still being relatively easy to monetize.

"Going after frequent flyer miles, Candy Crush gold, or virtual swords and armor in World of Warcraft may seem like a surprising tactic for attackers, but for them it's an efficient way of monetizing low-hanging fruit attacks, such as phishing and credential theft," explains Jon Oberheide, co-founder and CTO of Duo Security.

The second factor is that many travelers--especially the most frequent travelers--are generally traveling on business. That means they're using corporate credit cards, which often have higher limits than personal credit cards.

There is one more thing of value attackers can obtain from these frequent travelers: personal information. These companies and programs generally include names, addresses, email addresses, phone numbers, and other sensitive information that attackers can use to steal the victim's identity.

It's important for businesses to monitor for failed logins as well as fraudulent successful logins. Failed logins are a strong indicator of an attempt at unauthorized access. Of course, the real damage comes when an attacker logs in successfully. Perhaps the username and password credentials have already been obtained from a different breach, and the attacker is able to waltz in and raid the proverbial cookie jar.

There are steps you can take to protect your accounts and information. "When making transactions especially with less sophisticated vendors," recommends Rob Shavell, CEO of Abine, "try to minimize not just financial info, but to give out less personal details, as these can be used for more sophisticated identity theft schemes at other places."

Rapid7's Ford suggests that travelers take a few minutes to replace re-used passwords and double-check travel loyalty balances as well: "Re-using passwords is dangerous. We've all been warned about the risks of using the same password for different websites, and yet we still do it," stressed Ford.

Cyber criminals aren't usually very discriminating. They'll go after whatever requires the least effort. It seems that travelers, and the customer loyalty and frequent flier programs they use, have become a new target of choice.

Join the CSO newsletter!

Error: Please check your email address.

Tags United Airlinesamerican airlinessecurityRapid7data breachIdentity fraud / theftinternet

More about American AirlinesRapid7United Airlines

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place