Researchers have warned of a growing black market trade in heavily discounted travel services made possible by stolen credit cards, hacked loyalty program accounts and fraudulent redemption of discounts and freebies.
Trend Micro claimed such offers are freely advertised not just on the dark web and underground forums, but also Telegram channels and even social network postings.
These include flights discounted by 50% or more because the cyber-criminal has paid for a large part of them using stolen travel points or frequent flyer miles.
“They usually buy these flights at the last minute; by the time the airline company notices the fraudulent transaction, the buyer has already gotten off the flight,” explained Trend Micro.
Discounted taxi and car-sharing rides, and cheap car rentals, are also available via stolen membership cards and package deals, while stolen loyalty card details allow buyers to book reservations at luxury hotels for up to 70% less than the regular price.
Even restaurant gift and loyalty cards are apparently available.
Many of the tickets and packages mentioned in the report are traded on dark web site Dream Market, but there are numerous underground travel agencies where flights and hotels are discounted by as much as 50%, according to Trend Micro.
Even a two-day trip to the upcoming FIFA World Cup in Russia is available for just $500 — half the usual price — and only $60 for a hotel.
The report added:
“There’s a downside in attempting to reduce your travel cost when availing these illegal services: getting your money's worth is not always guaranteed, and sometimes, you don't get anything at all. Scanning the underground forums, we found one buyer of a business class flight who complained about being unable to contact the seller when he found out that his purchase didn’t include a return flight … There’s also a customer who ordered three flight tickets for a trip, but were canceled before departure, among others.”
Trend Micro urged travel companies to be more rigorous in validating the identity of their paying customers and the cards they use, and to beware of malware directed at gateways, endpoints, networks and servers.
Users should be cautious of scams and heavily discounted tickets and enable 2FA for all log-in and online purchases, it concluded.