MANILA - Filipino consumers must remain vigilant to avoid being victimized by travel-related scams that proliferate during the Holy Week break, Palo Alto Networks said
Fraudsters are taking advantage of the frenzy as consumers seek the most affordable tickets and bookings from agents and apps, the cybersecurity firm said in a statement.
“We’ve seen time and time again how scammers capitalize on people’s eagerness to travel as well as their desire to travel affordably,” said Steven Scheurmann, Regional Vice President, ASEAN, at Palo Alto Networks.
“The travel industry is especially attractive for scammers as it is a huge source of sensitive and personal data, including stolen usernames, emails, and passwords, as well as customer data such as identity, payment, and contact information, which means both travelers and travel companies need to be very cautious," he added.
Consumers must watch out for the following travel-related scams:
- Phishing scams via email and SMS to trick users to click links or download malicious attachments
- Shadow travel agency service reaching out to consumers using social media platforms while offering bookings at heavily discounted prices.
Palo Alto Networks said these shadow agencies pay the actual hotel, airlines and other providers with defrauded payment information. Disputed card transactions will be discovered weeks or months later, it said.
“Scammers and attacks may affect the individual traveler, major travel corporations, as well as small travel agents and operators—which means everyone needs to stay vigilant in implementing ways to avoid these threats. As Filipinos travel to celebrate Holy Week and spend time with their families, they must also remain aware and cautious of malicious actors to stay safe amid the holidays,” he said.
Palo Alto Networks said travel-related agencies must also implement security awareness training to help employees identify fraudulent emails to strengthen defenses against ransomware attacks via phishing.
Multi-factor authentication on business-related logins should also be used as an added layer of protection as well as an end-to-end cybersecurity solution that can detect malicious URLs and malware, it added.