Travel SCAMS - Don't Fall For Them

Welcome back to another episode of Cappuccino Chat. This time we're talking about travel scams and how to make sure you don't fall for them. All right, this time we're talking about travel scams and kind of walk you through an example of one and then how to make sure that you don't fall for these during busy travel season. So, it's summertime, we're doing a lot of traveling and the scammers, hackers know how to uh make their money this season. So, some of the things that are going on right now is they're going to send you uh confirmation links or information about your travel that you've already booked from like major places like uh Expedia, uh Delta, American, uh Marriott, those types of things, right? So, here's what'll happen is you'll get a official looking email. It's got all the right logos on it. It's got all the right stuff on it. um saying that um your flight itinerary has changed. Click here for updates. Uh your room is changed. We've upgraded your room. Click here to confirm. You know, staying at a Marriott kind of property. And then what happens is when you click that link, it's going to take you to a fake website. Again, it's very easy to duplicate these major manufacturer websites. You can rightclick on everything, download logos, you can lay things out the same way. It's going to look very official looking when you go there. Again, can be certain things to look for, but it's going to be very official looking. So, that email is going to prompt you to log in, uh, put your password in on this fraudulent website. Now, typically what's going to happen at that point is one of two things. They will pass you through to the legitimate website and it looks like you log into your account. You'll be like, "What are you talking about? everything looks fine on my stuff or they'll display some kind of error message saying check back later our systems are having problems which let's face it happens all the time. So at that point you've given them your login and you've given them your password. Now what they can do is um get into your payment details if you've got saved credit cards in there. um they can get to your points and transfer points out of your account into their account. Uh basically draining everything you've got. Now there are limits on certain um airlines and with Marriott and stuff like that, but still if you got a lot of stuff stored in there, it's possible for all this stuff to get stolen from you. So you got to be um careful. The other thing is is those links again are going to contain malware ransomware where again they're going to depend upon your level of security on your machine get full-time access to your computer. It is very easy. Gone to conferences before learn how to hack and how easy it is. They don't even have to know anything. They can purchase these online scripts and things from true hackers and go about their business. If you click a link, open an attachment, do something, it can be that easy. At that point, the hacker owns your machine. They have now what's called persistence. It's installed a little piece of software, which is Windows, and it's made a persistent connection back to them. So that even if you shut off your machine, reboot, whatever the case might be, as soon as you turn it back on, it notifies them basically that this connection has been restored and your machine's available. We've got to be very careful with these types of things. Things you can do of course to protect your devices and yourself from these types of attacks. So let's kind of goes on with some of this and why it works. Again, they're using the real logos, the formatting from P from emails and stuff. They get these emails from Delta, American, Expedia, Marriott. They know what they look like. They know how they're worded. All that stuff. they can easily duplicate those emails and those websites. It's going to create a level of urgency for your users to do something. Again, if you say, "Hey, reservation issues. Your flight's been cancelled. Hey, your room is no longer available. You're going to need to book somewhere else." All these event are going to make you panic because you got to fix your travel. You can't have your vacation and stuff all messed up. You got to take care of it. So, we're going to be urgently getting on those things and moving quickly and not slowing down enough to realize that this may not be the legitimate thing and there's nothing really wrong. People are distracted. Again, there's a lot going on at work before you get ready to leave for your travel. You're trying to get a whole bunch of stuff done so that when you're on vacation, when you are traveling, you can actually relax and enjoy your time. And um again, it's a business risk. If you're checking on people's personal travel arrangements and things of that nature and you're clicking these malicious links, you're now causing a breach into the company you work for. Um which now puts their systems at risk for being compromised and getting into email, getting on systems, seeing payroll data, seeing who you do business with, getting credit card information, all that stuff. you're putting the businesses at risk by doing that on your business computer. Now, how could you possibly protect yourself from some of these things? So, one, always verify the link before you click on it. So, again, putting your mouse over it, verifying where it came from. Um, does it have the right confirmation number and things of that nature and flight details? Is certain things mentioned in the email? Again, slow down if you're worried. Do not follow the links inside the email. So you get a suspicious looking email from Marriott. Instead of clicking the link in the email, use your mobile app and log into your Marriott account and see if there's anything there. Or open a separate web browser window, log into your Marriott account, and see what's going on from there. If everything looks okay with your reservation, safe to say you just saved yourself from a scam email, then you can delete that email and ignore it because everything is fine. Just do not click the link or open an attachment like a copy of your itinerary, uh, copy of your confirmation attachments in those emails. Do not do that. Check the email address. Again, slow down. Check that. It's gonna have um maybe it'll say deltacom.com, right? Aa.com whatever. Um maybe it'll say a.com for American Airlines. Marriott uh might be missing an R or have a zero instead of an O. There's all sorts of different things that could happen. And again, slow down on that email address where it's coming from. If it's not, you know, marriott.com spelled correctly, slow down. If it's not delta.com, stop. Even if they do use other third parties where they might say email.delta.com, still log into your account from a separate window on the mobile app and verify everything. Make sure you set up multiffactor authentication on those travel accounts. So, your airlines, any airlines you travel with, hotels you visit, you can set up multiffactor authentication where it's going to text you a code or you got to put a code in from an authenticator app that you have set up so that if anybody ever does get your username and password somehow, again, they're blocked by not having that MFA code. You got to be careful because even if you set this up and you fall for a scam and you put in your username, password, and then give them your MFA code, it will then allow them to log in again and do those malicious activities. So, it's not an end all beall, but it does help. It slows them down and gives you uh better protection than without it. And then make sure you secure your business email address or your personal email addresses as best you can. If you're using your business email, make sure you blocking malicious links, malicious attachments. You've got some additional protections on your email account. Some of the basic licensing from Microsoft uh definitely from Google does not include these advanced features. You have to pay extra for them. So, don't assume Microsoft's protecting me. Google's protecting me. Uh definitely things like your old AOLs and um all those other old accounts and stuff are definitely got no level of protection, right? So do not assume those are scanning those and protecting you in any way. When it comes to uh viruses and ransomwares and malware, the number one way these things that happen is through email. So over 95% of all attacks happen via email. Just like this. This time though, they're targeting us during this busy travel season trying to get us to do something, give away that stuff because now they can steal points, get gift cards, and all that stuff on their own. once they're in your account and there's nothing you can do about it. Once those points are gone, those points are gone. You've basically given somebody else the rights to your accounts. So, you're not going to get those points back. You're not going to get that stuff back. Uh your credit card information can be stolen. All that kind of stuff. You got to be careful. As always, if you've got any questions about what we covered, please reach out to me. 760-770-52000. and safe travels. Be careful out there and have fun.