Pent-up demand for traveling – both domestically and internationally – has driven an interest by cybercriminals to take advantage of those traveling to become phishing victims.
Security researchers at Palo Alto Network’s Unit 42 have identified a material jump in the number of travel-related phishing URLs of over 4x that of January of this year. One of the primary pieces of malware using these URLs is Dridex. Phishing campaigns using Dridex typically focuses on campaigns around billing or invoicing. But Unit 42 has spotted a jump in URLs related to travel – words like “vacation” or “airline” are commonly a part of the URL.
Their tactics remain the same – use a malicious Excel spreadsheet that is either attached to the email or linked to via Dropbox. But the campaign tone and theming is now very much travel-related.
Beyond the Dridex banking trojan, Unit42 also notes that in many cases, collection of details (e.g., personal data, credit card information, online credentials, etc.) is also a focus, as it can be sold on the Dark Web.
As long as users are vigilant through continual Security Awareness Training, they will recognize these emails as being unsolicited and suspicious, making them powerless and ineffective.