Watch out – malicious domains targeting travelling are on the rise.
After more than a year of rolling lockdowns, and with light beginning to peek out at the end of the tunnel, people are starting to consider what life will be like after the pandemic. And for those most eager to travel, the desire to see where you can travel – and the practicalities of getting vaccinated, tested or filling out paperwork allowing you entry into a largely closed-off world at present – is at the forefront of their mind.
But as we’ve seen repeatedly over the course of the pandemic, where the general public expresses an interest, scammers see an opportunity. In the first three months of 2021, as countries began to get their mass vaccination programs underway, enabling the opportunity for people to think about booking holidays later this year, cyber resilience firm Webroot saw a 93% increase in malicious covid-related domain names featuring the word “travel” in their title.
“The length and duration of the pandemic has allowed hackers an extended opportunity to hone and craft their domains,” says Nick Emanuel, senior director of product at Webroot. “The language used in these malicious domains names is highly reflective of current trends, and key events like travel bans introduced globally have a direct impact on how hackers create resources to trick people.”
Passport and cheap breaks are luring us in
Hackers are preying on our desire to get away and to put the last few months of horror behind us, tailoring domain names to take advantage of the kinds of things we’re likely to be searching for as we seek a way out of the pandemic.
In March 2021, Webroot tracked a 79% increase in a single month in domain names featuring the word “passport” on covid-related websites.
This is an indication that many are searching for how to re-register lapsed passports, or are seeking clarification on whether a vaccine passport system is likely to be implemented.
“Directly after travel bans were implemented, we saw the word ‘passport’ used in malicious domains mostly in the context of providing data on which countries were blocked – e.g. ‘Passportbancountries’ – rather than the context of preparing or enabling travel,” says Emanuel.
At the same time, a 169% increase in domains using common holiday search terms like “weekend break”, “cheap” and “last minute” was recorded between February 22 – when the UK prime minister announced a roadmap for that country out of lockdown – and the end of March.
Testing interest decreases
One area that saw a decrease in the number of scam-related domains, indicating cyber criminals believe there is little potential for making money off the back of it nowadays, was in coronavirus testing. Although this had been a significant driver of potential pitfalls for victims in the early stages of the pandemic as we scrambled to figure out whether we had covid-19 or were safe, it’s now seen as not worth trying.
There was a 71% decrease in recorded malicious domains created using the words ‘testing’ or ‘testkits’ between January 1 and March 29.
“The decrease in terminology related to ‘testing’ and ‘testkit’ correlates with the introduction of a comprehensive school testing regime in the UK and we believe the strong supply and ease of obtaining a test has cut down opportunities for scammers on this specific topic,” says Emanuel. “Both examples demonstrate how cybercriminals are carefully grooming news and creating domains that will have a higher percentage of hits.”
As for what to do to try and avoid these things, Emanuel has the tried and tested bit of advice to people. “To protect against these threats, individuals should remain vigilant in scrutinising all links they receive in emails before clicking through,” he says. “This should also be underpinned by cybersecurity technology such as email filtering, anti-virus protection, and strong password policies.”
