The travel and hospitality industry suffers billions of losses each year due to fraud.
“With the right combination of other underground services (compromised accounts, credit cards, etc.) it is possible to cover almost every aspect of the holidays, including food and restaurants, shopping, entertainment, guided tours and more – way beyond flights and hotels,” Vladimir Kropotov, Researcher at Trend Micro, told Help Net Security.
What’s on offer?
Kropotov and his colleagues have been rifling through the Chinese and Russian dark web markets and forums, Telegram channels, and some English-language forums, and have found a thriving market.
Cybercriminals are offering services paid for with stolen credit cards, hacked loyalty program accounts, and fraudulent redemption of freebies, discounts, and rebates in the form of coupons.
They offer fake travel documents, cheap flights, cab and car-sharing rides, hotel accommodation, tour tickets, gift cards for restaurants, and more.
For the majority of these services, customers provide a link to a hotel or flight to the underground service provider and get back a booking with a 30-to-70 percent discount.
“This is essentially cheating the hotel and airline out of the full rate for the services – and is also how people afford more luxury destination,” Kropotov noted.
Underground service providers
Some ‘agencies’ offering these services have been around since 2015 and are still operating with very positive feedback on the forums.
Availability of these services is quite high, with some ‘travel agencies’ offering 24/7 support, and often offering live support during the travel as tickets can be canceled right before the registration or boarding due to fraud prevention mechanisms flagging suspicious transactions.
It’s interesting to note that many of these underground service providers prefer not to work in countries where they are physically located.
“If you look on the Russian speaking underground forums, more than 50 percent of providers decline to sell services inside the former Soviet Union territory,” he says. “And sometimes this limitation works for neighbor countries, too.”
Satisfied customers are urged to post pictures of their successful trips as proof that the services sold to them are not a sham.
Still, some who use these cheap travel services end up with problems. Kropotov says that many people have made posts claiming that their tickets or hotels had been canceled, requiring them to pay for the trip again.
The fraudsters’ modus operandi
How do these criminals manage to meet the demand for cheap flights and hotel stays? They exploit the weakest points.
They take advantage of the fallible human factor. For example, they trick users into handing them credit card information or passwords for loyalty programs.
Or they infiltrate enterprises and look for vulnerable practices, susceptible systems, or operational loopholes; then they alter parts of the organizations’ processes to benefit them.
“The most interesting thing we discovered is how fraudsters combine these simple components to trick a fraud prevention system. Some forum discussions on how to use stolen credit cards and payment systems point out the importance of ‘warming up the account,’ meaning making smaller purchases that align with the profile to ‘calibrate’ with the anti-fraud system before making a major transaction,” he explains.
Kropotov and his colleagues are scheduled to present the findings of their research at the Hack in the Box conference in Amsterdam this April.