Site iconSite icon HospitalityLawyer.com®

No one likes a copycat: How to avoid and protect yourself from a spoofed travel website

Many people are aware of email phishing schemes fraudsters use to collect personal information from unsuspecting victims. But many haven’t heard of another phishing method used by scammers, often unnoticeable to the naked eye—spoofed websites. This growing problem isn’t reserved for only banking or e-commerce sites. ARC recently reported two business travel agencies have fallen victim to spoofed websites. With this news, we want to give you the low-down on what a spoofed website is, how to spot one and ways to protect yourself and your company from these scams. With cyberattacks on the rise, it is important to consider phishing as part of your global security plan.

So, what is a spoofed website? In this scheme, a fraudster creates a fake website and/or email domain that looks legitimate, often copying a real website using logos, images and even the layout/content of the site. This phishing tactic usually asks the visitor to enter log-in credentials or personal details in an attempt to collect information used for identity theft. This tactic can also be used for other fraudulent activity. In the case reported by ARC, the fraudster used the fake website to appear legitimate to hotels and book stays using compromised credit cards.

Unfortunately, it can be difficult to spot a spoofed website, but there are a few signs to be weary of. First, check the web address. A spoofed website usually contains a misspelled word, extra punctuation or is excessively long. You should not only check for these signs in a web browser, but also any text linked to hyperlinks—hover over hyperlinked text to see the full URL before clicking. Another sign of a spoofed website is pop-ups. Sometimes spoofers direct victims to legitimate sites and use a pop-up window to collect personal information. Always use the website you are familiar with, have used previously without issues and have bookmarked. Don’t rely on a Google search. Review any results returned by searches and compare the URLs.

Now that you know how to spot a spoofed site, here are some tips to protect yourself if you feel like you may have landed on one:

With processes becoming more and more automated through digital and web processes, it is important to take a comprehensive look at risk management to include crime and corruption that takes place on the web. As Travel and Transport’s Chief Technology Officer, Tim Krueger, puts it, “In today’s world of an ever changing and increasing threat landscape, user awareness and training are essential elements to any modern security program. Individual diligence in identifying and avoiding potential scams and threats is often the first and last line of defense.” We hope you never have to use these tips, but keep them in your back pocket in case you ever happen upon a fraudster.

Sources:
https://archives.fbi.gov/archives/news/pressrel/press-releases/fbi-says-web-spoofing-scams-are-a-growing-problem
https://www.globalsign.com/en/blog/how-to-spot-a-fake-website/
https://www2.arccorp.com/support-training/fraud-prevention/fraud-alerts/fa01262018/
https://safety.yahoo.com/Security/PHISHING-SITE.html

Exit mobile version