People need to be wary of travel-related phishing as the pandemic draws to a close, according to Fleming Shi, Chief Technology Officer at Barracuda Networks. On the CyberWire’s Hacking Humans podcast, Shi explained that phishing campaigns take advantage of current trends. Currently, many phishing attacks are themed around the demand for vaccines. As pandemic-related restrictions begin to lift, there will presumably be a major demand for travel as people are finally able to take vacations, and attackers will jump on this opportunity.
“The next phase for the targets will be people who are getting back out there, really kind of enjoy the world, right?” Shi said. “I mean, if you think about traveling through the holidays, I was pretty surprised how many people actually got on the plane and, you know, really tried to see their family, right? I think cabin fever – people are getting really stuck for a long time, and so there will be a rise in bookings for hotels, mainly because people are getting ready to plan for their vacation. They really need it.”
Shi said there are some security best practices that people can follow to avoid falling for these attacks.
“There's a few things you should be considering,” he said. “First of all, this is for the travel preparation stage, right? Once you get on the road, that's another set of things you need to worry about. But before you get on the road, I would say be very cognizant about clicking on links that offer really great deals that may not look real. Secondly, when you get to the site, if you don't have a password manager, I'll recommend a really strong password. So, password managers provide system-generated passwords, which is much harder to guess, very random. You will still have the convenience of actually getting into the site. But if the reservation site has, like, multifactor or two-factor authentication, you want to utilize those features because passwords still can be stolen, even system-generated.”
New-school security awareness training can enable your employees to be on the lookout for phishing attacks.
The CyberWire has the story.