"Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives"

As the summer holiday season approaches, travel-themed phishing scams are gathering momentum, posing a significant threat to individuals and organizations. According to a recent McAfee survey, 30 percent of adults have fallen victim to or know someone who has fallen victim to an online travel fraud, with two-thirds of victims losing up to $1,000. The Phishing Defense Center (PDC) published a report highlighting a phishing campaign in which threat actors impersonated an HR department to exploit users' trust in their employers. By sending deceptive emails, the perpetrators wanted to trick unsuspecting victims into clicking on a link claiming to be for submitting annual vacation requests. According to the company, this version of a Business Email Compromise (BEC) threat represents the evolution of travel-centric phishing campaigns. Clicking the link in the fake HR communication leads to a login prompt overlaying the victim's company homepage, which was detected and generated automatically based on their email address in the URL. This article continues to discuss the evolution of phishing campaigns targeting travelers.

Dark Reading reports "Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives"