Vacation periods continue to stand out as the months with the highest number of cyber scams against consumers. According to alerts from Booking.com, in the last 18 months there has been an increase of between 500 and 900% in travel scams. In the specific case of Spain, an Airbnb survey identified that more than a quarter of Spaniards admit to having been victims of scams related to vacation offers or accommodations, and up to 47% do not know how to identify a fake website.
Thus, as explained by Armatum, a platform for the economic quantification of the impact of cyber incidents, in addition to being the times of the year with the highest online sales activity, these periods can lead to the relaxation of operational controls due to the reduction of supervision personnel and security, or their replacement by less experienced personnel. Specifically, during the summer months, fewer alerts are filtered in security operations centers (SOCs) and response times to incidents increase. Internal attacks are therefore more frequent at this time. In addition, external attacks increase, as in the other hemisphere during the winter season, and knowing this, cybercriminals work at full capacity.
Although phishing continues to stand out as the most common fraud, with an increase of more than 94% in its activity since 2020, Bolster researchers identified a spike in scam campaigns with shipping notifications, gift cards, and fake delivery services during the holiday seasons. Specifically, attackers proved to be more active than ever in August, reaching a record number of 2.2 million unique fraudulent websites.
"In recent years, we have observed a significant increase in the number of cyberattacks during the summer. This trend is not a coincidence, but the result of several factors such as the greater vulnerability of corporate networks due to the reduction of personnel on vacation, the increase in remote work and the use of public or unprotected Wi-Fi connections, and the relaxation and reduced alertness of people during this time. These combine to create an environment conducive to cybercriminals and increase the risk of falling into phishing tactics and other types of attacks," analyzes Manuel Carpio, director of cybersecurity at Armatum.
What are the most common cybercrimes in summer?
A recent McAfee investigation highlighted that 39% of respondents reported receiving suspicious emails or text messages related to travel offers. In addition, it identified the three most common scams that travelers encounter when booking their vacations as fraudulent payments after providing bank or credit card details on a fake site (15%), having problems with accommodations where, after paying a deposit, they discovered upon arrival that the accommodation did not exist (13%), and clicking on a malicious confirmation link of unknown origin (10%).
The Armatum platform uses AI specifically to collect, investigate, and derive statistical data on incidents, in each country, and for each sector of activity, 24 hours a day and 365 days a year. Based on this analysis, the company's cybersecurity experts have identified some of the most common online scams during the summer months:
- Fake travel agencies. Travel websites appear disguised as legitimate ones. These sites may look real and offer attractive deals on flights, hotels, and vacation packages, but it's a lie. If the website asks you to book immediately or requests payment in the form of a gift card or bank transfer, that should put us on guard.
- The chalet with a pool and barbecue that does not belong to them. Scammers copy ads for the sale or rental of properties that do not belong to them, or that have already been sold, from real estate websites and upload them to other popular sites such as AirBnB and fotocasa. The person posing as the owner asks you to contact them via Whatsapp to finalize the details and asks you to make the payment by transfer or some other unusual payment method.
- Tickets for concerts and summer events. Through posts on social networks or emails, scammers try to attract victims to fake websites where tickets are resold at reduced prices. Victims are asked to pay for the tickets in advance, often through Bizum or any other payment application between individuals, which may not offer as much protection against fraud.