The summer season is the time to hunt for your data. How to recognize a phishing attack and avoid it?

Summer is coming soon – the time of holidays and travel. But this is also a time of increased activity of scammers who use thematic tricks to phishing. How to avoid becoming a victim of cybercriminals and protect your money and confidential data?

Recent Poll McAfee showed that 30% of the adults surveyed at least once fell into the traps of online scammers when looking for profitable offers in the field of tourism and travel. Many victims lost up to $1,000, hard-earned in a stuffy office.

Anti-Phishing CenterPDC) from company Coffee told about one of the phishing campaigns based on BEC attack. During the campaign, the perpetrators impersonate the HR department of the victim’s organization and offer to apply through the link for a vacation with paid travel abroad. Clicking on the link causes an authorization window to appear on top of the victim’s corporate home page. That is, the site is real, and the data entry form is fictitious, transmitting the corporate login and password of the victim directly to the attackers.

This attack combines two effective phishing tactics: fake messages from representatives of the target organization and a social engineering hook on vacations and travel. During the attack, the scammers use the most common procedures performed by the HR department of the target organization, but also play on the suspense and excitement associated with the summer travel season, which further lulls the victim’s trust.

“This is a sophisticated tactic for gathering credentials,” says Mika Aalto of Hoxhunt. “Attackers not only rely on email, but also use social media, text messages and even phone calls to gain the trust of potential victims and shake them for more useful data.”

Aalto also warns that criminals can use artificial intelligence to make their phishing strategies even more convincing.

Common phishing campaigns targeting people who are interested in travel in one way or another often include big discounts or free flights, hotel reservations, or various package deals. There are also scams with fake rental properties, false insurance policies, and the like.

How to protect yourself from phishing? The Cofense researchers made a number of useful recommendations:

• do not open suspicious emails, messages, or attachments from unknown senders;
• do not click on links or download attachments from such sources;
• check spelling and grammar in texts, as well as the design and domains of sites;
• be sure to use two-factor authentication for your accounts, especially for corporate ones;
• change your passwords regularly and do not use the same passwords for different services;
• install antivirus software on your devices and update it regularly;
• be wary of offers that seem too good to be true;
• if you encounter phishing, report it to your IT department, bank or relevant authorities, they will tell you what to do.

Be vigilant and don’t let scammers spoil your summer vacation!