Summer has arrived, and it’s time to book your next getaway. While planning your escape, did you consider that hackers could be staging an attack on your personal information? Think about it—travel has gone digital. Your tickets, trip insurance, and hotel reservations are all at the fingertips of cybercriminals. So is all the travel information you shared with friends, family, travel agents, and your employer. The personal information you’ve entrusted to others is vulnerable, unprotected and under siege.
Why is it important to protect your travel information?
The fact of the matter is that the travel and leisure sectors have seen an alarming hike in suspected online fraud attempts worldwide, reporting a 155.9% year-over-year rise in 2021. Additionally, the tourism industry has some of the highest number of security breaches each year, which has a big impact on individual travelers. For threat actors and criminals, targeting and stealing data from the travel industry is good business. Take a moment to consider how much of your personally identifiable information (PII) can be found in a travel rewards program, trip insurance or hotel reservations. Travel data, and your PII, will remain a key target for criminals looking to sell it or utilize it for their own malicious purposes.
The online travel industry continues to grow. GlobalData projects the market to reach $765.3 billion in 2025. This means that the amount of sensitive data, including PII, that is held by travel and tourism companies will continue to rise, making this data an even bigger target for cybercriminals in the future. The unfortunate and terrifying reality is that your name, address, phone number, credit card information and more are up for grabs every time you share your flight or hotel reservation details putting you at risk of identity theft.
Be on the Watch for these 2 Dangers
Phishing and state-sponsored data stealing, two common scams, are being used by cybercriminals, especially when it comes to travel information. Let’s examine each.
On the CyberWire’s Hacking Humans podcast, Fleming Shi, Barracuda Network’s Chief Technology Officer, warned that people who are ready to get back out into and the world and travel will be the targets in the next phase of travel-related phishing. Arguably the most common scam of them all, hackers posing as a legitimate institution will typically contact an unsuspecting target (you!) via email, telephone, or text message, luring them into providing sensitive data. Consumer beware: within the tourism scope, phishing emails are often disguised as promotional emails, news updates or even messages from your bank, asking you to change your password and providing a link where you can do so. Cybercriminals have perfected the appearance of these emails and evolved their tactics as awareness surrounding these attacks increases.
A picture-perfect example of this is the data breach that affected numerous customers of The Ritz London. One guest reported that a scammer contacted her, saying the card she provided had been declined and proceeded to request details of an alternative card. The scammer went on to spend over £1,000 and even called the guest again when the payment needed authorization, claiming the security code would cancel the fraudulent transaction.
State-sponsored data stealing
State-sponsored hacking groups are often out to collect information on targeted travelers. It is common practice for many state-sponsored groups, like the ones from certain Asian and Eastern European countries, to steal travel data on their high-value targets. In particular, they are out to exploit passenger name record (PNR) data that is typically associated with air-travel itineraries, but has since grown to include car rentals, hotel reservations and more. All of this means that once a state-sponsored group obtains your PNR data, they are able to track you and that of those in your travel party.
How do you protect your personal information?
We can all agree that your next vacation should be spent relaxing poolside with an ice-cold cocktail in hand, not stressing over who has access to your data.
With that in mind, consider this: We’ve all been through TSA checkpoints at the airport. The only people who can get past security not only need a ticket and identification, but also need to get screened. TSA controls who passes through the checkpoint and when they get through it. You should have the same level of control over your data.
You deserve to control who can access your data, when it can be accessed, where it can be accessed and how it can be accessed. While we can’t control if your next flight will be canceled, we can help to give you, and your data, some peace of mind. Click here to discover how EB Control can elevate your vacations this summer and keep your travel plans secure.