Heading home for the holidays? Brave soul!
Between soaring free-ticket airline ticket scams and gadgets’ propensity to flop out of pockets or get snatched by the nimble-fingered, it’s a security jungle out there.
According to a new report from the Airlines Reporting Corp., there have been 82 incidents of unauthorized airline ticket issuance between August and November alone.
That compares with a total of 18 bogus tickets issued for the entire year in 2010, and it doesn’t even include numbers for the travel-happy days of December.
The tab on phony tickets issued in 2011 tips $1 million, with the most valuable ticket’s face value coming in at over $77,000.
Why are these scams proliferating? The ARC, a company that handles payment between airlines and U.S. travel agents, points the finger at an upsurge in phishing emails aimed at travel agents, with spear-phishing emails going out to travel agency employees and independent contractors.
The aim of phishing is, of course, to gain trust by posing as a trustworthy online source and to then barter on that trust to filch information such as login IDs, usernames, passwords, and credit card details.
Here’s what the ARC sees in these phishing attempts:
The phishing emails are designed to appear as though they are being sent from global distribution systems (GDS) that provide travel agents the ability to book and issue airline tickets, which are then transmitted to ARC’s transaction settlement services. The phishing email entices the reader to obtain additional information or reports by clicking on a URL. From there the reader is directed to a fraudulent GDS website and invited to log in, providing the fraudster with the necessary credentials to access the genuine GDS website to book and issue unauthorized airline tickets.
The ARC teams with travel agencies, GDSes, law enforcement and airlines to shut down such phishing sites. The company also maintains a Fraud Alert and Incidents page on its website, Twitter feed and Facebook page.
Beyond phishing attempts reported to the ARC, there are other, more passive sources of bogus tickets, including ticket scams on Craigslist. Here’s a list of tips to help travelers spot these scammy Craiglist tickets.
If you manage to get a legitimate ticket and get to the airport, you then need to try to avoid losing your mobile device.
According to a recent study by Paul Ducklin at the Sophos office in Sydney, some public transport companies even sell off these devices at auction when not claimed for a period of time.
Ducklin purchased 57 lost USB thumb drives at a RailCorp auction to see how well we are doing at protecting our data and securing our computers.
Turns out that 66% of the devices were infected with malware, just in case you might be tempted to plug in a “found” key, and 0% were encrypted.
Here are some steps to keep smartphones, tablets, laptops and other devices safe:
- Carry your device where you can easily check that you’ve still got it—and where you would notice immediately if it were to disappear.
- Use a secure password on all devices that carry valuable data.
- Consider device insurance.
- Be sure to use full disk encryption or file-based encryption for anything containing sensitive information.
- Consider tracking software. There are multiple success stories of owners who’ve surreptitiously snapped photos of thieves, collected their Facebook account information or tracked them to their exact location; here’s one such story from The Guardian.
Happy travels, and stay safe!