While Looking for the Perfect Vacation, Keep a Watchful Eye out for the Perfect Scam

As the travel industry heavily started promoting summer deals earlier; scammers, too, have plunged into the trend with spammed malware campaigns using holiday hooks. Flight confirmation emails are the top lure this season, followed by hotel deals, extravagant cruise packages and vacation loans.

In season, holiday spam can reach up for up to 6% of all spam. And if a regular “business spam day” means some 1.8 million messages, at the season peak we are talking about approximately 108000 holiday-themed pieces a day of which bogus flight confirmations are most spread.

Airline confirmation emails or receipts make up nearly 60 percent of all summer holiday spam this year. These messages usually deliver malware in an attachment or link to dangerous webpages.

The second-most spread seasonal scam variety is the fake newsletter promoting early-booking bargains at luxury vacation destinations across the globe. These messages are drafted in different languages to match the locations they advertise.

Cruise packages, travel insurance offers and holiday loans are also used to bait people planning the perfect summer escape.

Bitdefender also found that Delta Air Lines, US Airways and the German Condor Flugdienst were the most targeted, being two of the biggest airline companies in the US and Europe serving each year millions of customers all across the globe. More customers mean better chances for such scams to pay off.

To protect yourself check out some tips on how stay safe while planning and enjoying the perfect holiday:

• Research the website you’re using before you book a flight or make a hotel reservation.

• Look what other people have to say about a certain ticketing / booking website. Read their comments and feedback on that site’s services.

• Try to get in contact with a representative of the company, who can provide you with as many details about the seat or the vacation venue as possible.

• Do not click links embedded in e-mails that pop up in your inbox if you haven’t specifically asked for travel offers or flight reservations. And never open files attached to these e-mails.
• When you leave for the vacation of your dreams, don’t announce it on social networks. An empty house can be extremely tempting for burglars. Securing your virtual world can help secure your physical one.
• Avoid shopping online or checking e-banking and credit accounts when using public WiFi hotspots such as those in airports, coffee shops or malls. Don’t do it via the hotspot in your hotel either.

And for more details on specific scams found in the wild, keeping reading:

A recent holiday spam campaign aiming at the budget of vacation planners is the highly seasonal “Your eTicket” spam campaign targeting Delta Air Lines customers. The message demands people confirm their flight reservation with Delta and check the information in an attached PDF file.

The attachment hides a variant of the very dangerous Sirefef – a Trojan with rootkit capabilities that will mess with users’ OSs and create a perfect vulnerable environment for other malware families to target the victim.

US Airways customers must watch out for dedicated spam messages inviting them to confirm a flight code. Some such samples have links that redirect users to a webpage advertising a “miraculous weight loss plant.” Others, with exactly the same name and appearance, lead users to a page associated with the BlackHole Exploit Kit to expose them to an exploit kit that silently reads a user’s browser configuration, looks for breaches then slams it with malware – all without the user’s interaction.

A classic spam tactic at the dawn of holiday planning is the appealing discount for in-advance reservations in luxurious hotels in Peru, India or exotic islands in the Pacific Ocean.

While some samples are merely annoying, others have malicious links and malware in attachments. If it’s spam, treat it with caution!

Campaigners aim also at employees with unsolicited messages presenting venues for team buildings, conferences, product launches or other business activities.

An attack is not always about the person who received the message. Sometimes they are the means to a bigger aim, such as the person’s employer. The employee must never give an attacker with a way in.

Scammers targeting vacation-goers may have various aims: to gather contacts to build a victim network for future malicious and spam campaigns, to collect card details, personal details for impersonations, money-muling or FTP accounts to be used for hosting malware at the expense of the victim. It all depends on the attacker’s agenda.

This article is based on the spam samples provided courtesy of Ionut-Daniel RAILEANU and Adrian MIRON, Bitdefender Anti-spam Analysts and the technical details offered by Doina COSOVAN, Bitdefender Virus Analyst.

Note: All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.