Page 79 - Cyber Defense eMagazine for July 2020
P. 79

To make matters even more complicated, authorities have warned customers to be on the lookout for
            phishing emails offering refunds on flights, now that their personal details may be up for grabs on the
            darkweb. According to privacy expert Ray Walsh, "Anybody who has ever purchased an EasyJet flight is
            advised to be extremely wary when opening emails from now on...Phishing emails that leverage data
            stolen during the attack could be used as an attack vector at any point in the future.”

            In fact, a recent statement from EasyJet compelled customers to think critically when opening EasyJet
            emails, saying "We are advising customers to be cautious of any communications purporting to come
            from EasyJet or EasyJet Holidays."

            But EasyJet was not the only airline to have phishing campaigns associated with it over the course of the
            pandemic. As the impact of COVID-19 began to take hold in late March and airlines started canceling
            flights, Emirates Airlines warned customers about circulating fake flight refund emails and email security
            provider Mimecast alerted authorities to a major uptick in flight-related email scams involving a variety of
            airlines. Other security firms noted a rise in voice-based flight cancellation scams, wherein scammers,
            posing  as  airline  agents,  called  random  people  to  discuss  purported  flight  cancellations,  and  in  the
            process, tried extracting personal information.

            And now, as airlines across the world attempt to cut their losses, they are offering heavy discounts on
            flights, for whenever regular flights do resume. As inboxes fill up with enticing promotions offering deals
            on future flights, customers should remember that while many of these emails are legitimate, a significant
            portion are phishing emails, cashing in on the confusion created in COVID-19.



            How to Spot a Travel-Based Phishing Email

            Meanwhile, it’s important to note that since travel information was included in the stolen EasyJet data
            set, phishing emails sent to those customers may be highly targeted and include real elements, like dates
            and destinations, making the emails seem legitimate. If your data was exposed in the EasyJet hack, there
            are some relatively simple ways to protect yourself from falling prey to the ensuing phishing threats.
            What’s more, these tips can be just as easily applied to any trending COVID-19 airline email scams out
            there today. So when you get flight promotions or cancellation notices, be sure to:



               -   Look at the sender's email address - does it match the name of the airline or is it slightly off? For
                   example, if it says EasyJetTravel.com, JetBlueFlights.com, or SouthWestTickets.com, you can
                   rest assured it’s a scam.
               -
               -   Avoid any email requesting personal information, such as credit card information, dates of birth,
                   or social security numbers.
               -
               -   Delete messages that include links or attachments, which are often filled with malware payloads.








            Cyber Defense eMagazine –July 2020 Edition                                                                                                                                                                                                                         79
            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.
   74   75   76   77   78   79   80   81   82   83   84