• United States



by Senior Editor

Report: Thieves Target Online Travel Sites

Jun 09, 20085 mins
CybercrimeDisaster RecoveryIdentity Management Solutions

Research from security vendor MarkMonitor shows digital outlaws hijacking the brands of online travel companies and airplane parts manufacturers.

Online travel sites and airplane parts manufacturers are among the biggest victims of cybersquatting, false association, pay-per-click abuse and domain kiting, according to a new report from security vendor MarkMonitor.

The vendor points to the increased risk in those business sectors in its newly released Brandjacking Index for the spring. The findings reflect a trend observed by other security experts who have found, among other things, that the bad guys are using search-engine optimization (SEO) tricks to get their bogus sites higher in the search rankings.

Trends noted in the report included:

The rise of online auctions for fraudulent travel vouchers. The average discount for the more than 150 listings analyzed was 80 percent under face value. With the recent airline industry bankruptcies, increased cases of online fraud related to refunds, credits and vouchers are likely.

The growing success of search engine optimization tactics. Through higher search rankings, scammers divert Internet users searching for legitimate travel brands to illicit sites with questionable content, including pornography.

Blended abuses targeting travel brands. Attackers have combined multiple techniques such as spam, pay-per-click fraud and malware to put shoppers’ computers as risk for viruses and spyware.

Meanwhile, the vendor found that cybersquatting is the most pervasive form of brandjacking, growing by 40 percent in the first quarter of 2008, while pay-per-click fraud actually declined by 42 percent. Phishers also appear to be targeting fewer new organizations, focusing 90 percent of the phishing activity on a small number of brands.

Dancho Danchev, an independent security researcher and consultant based in the Netherlands, said the MarkMonitor research reflects much of what he has been monitoring in recent months.

“What I’ve been witnessing is an automated approach that comes up with relevant brand impersonating domains such as, registering these and uploading the fake security software,” Danchev said, adding that scams are getting more sophisticated due to the localization crooks are starting to apply even in the domain names themselves – registering the domains in a native language to attract local traffic, for example.

Where the money is

During a recent visit to the offices of CSOonline to promote the latest Brandjacking Index, MarkMonitor Chief Marketing Officer Fred Felman said he’s not surprised by the explosion of online travel scams designed to lure shoppers from legitimate e-commerce sites. But he was taken aback by the number of bogus sites selling questionable aircraft parts on business-to-business exchanges and consumer auction sites.

“The criminal is always thinking about where the money is, so it makes sense they would go after travel sites,” he said. “We all travel and are frustrated by the high cost of airline tickets and hotel rooms, so we’re constantly looking for bargains.”

He’s also not surprised the bad guys are making so much money since, as Danchev noted, they are getting more adept at using cybersquatting and SEO tactics, a trend reflected in a recent special report from CSO magazine (Black Hat SEOs: Is This the Future of Search?).

Danger in the skies?

Though he wasn’t surprised to see travel sites targeted so aggressively, Felman said he was shocked by research showing vendors in China, the U.S. and other countries selling questionable aircraft components in bulk online.

“Given all the regulations out there, it’s surprising that we found so many bogus parts sites,” he said. “There’s a growing risk that these parts could end up in standard distribution channels.”

Other security experts are far less surprised to see bogus airplane parts proliferating across cyberspace. For them, the China connection in particular is a no-brainer.

“I’m not surprised by anything coming from China,” said Petko D. Petkov, a self-described hacker and founder of UK-based think tank GNUCITIZEN. “The cyber laws in China are a bit vague and [hackers] are usually left to do whatever they want without consequences.”

Independent security consultant and former Radianz CSO Lloyd Hession noted that there has always been a market for bogus plane parts and that people have been traveling for years in planes fitted with some of the questionable components. It’s just that the bad guys have finally taken their business online, he said.

Security options limited

While companies can reduce the threat to their reputations through a layered security program and constant surveillance to see if their brands are being abused, Petkov said defensive options are limited.

“In the case of brandjacking, I don’t think there’s an easy solution due to the fact that the people who abuse the particular brand may not reside within a country that has sensible regulations” to deal with the practice, he said.

In cases where phising attacks happen via a third-party domain the targeted company has no control of, there is very little to do, he said. One can contact the ISP in charge of the domain or the hosting space with the hope that they will terminate it, or report the malicious URLs to numerous anti-phishing registers.

Unfortunately, he said, “none of these workarounds will be 100 percent effective.”

For its report, MarkMonitor analyzed feeds from leading international ISPs, e-mail providers and other alliance partners.