Half of Travel-Themed Spam Messages Worldwide Are Scams, Bitdefender Antispam Lab Warns

With expected spending of $2 trillion this year, global tourism is well on its way to recovery. This creates many opportunities for spamvertising campaigns and cybercriminals who exploit consumer behavior and travel trends for financial gain.

Spamvertising, or the process of sending unsolicited correspondence, is a growing concern for consumers. Messages range from irrelevant promotions and legitimate marketing lures to scams or other phishing attempts designed to extract personal and financial information or trick recipients into installing malicious software onto devices.

Researchers at Bitdefender Labs have analyzed the travel-themed spam and spamvertising trends over the course of three months to give consumers a perspective on the phenomenon and the security risks they face.

Key findings:

• Half of all travel-themed spam emails received during our three-month analysis were marked as scams.
• Travel-themed spam has been consistent in the spam of three months, with no significant spikes noticed by our researchers.

• Globally, Europe received the most travel-themed spam between April and June 2024, accounting for 44% of all such spam by volume, followed by North America (the US, Canada and Mexico) at 36%.
• The US holds the top spot as the most-targeted single country, receiving 36% of the entire global travel-themed spam emails (both marketing lures and scams). It’s followed by Ireland (16%), the UK (11%), Germany (7%), India and South Africa (6% each), Australia (5%) Sweden (2%), Japan, Denmark, Italy, Romania, Japan and Canada (1% each).

Note: Telemetry is based on all travel-themed spam (by volume) received globally between April-June 2024

Note: Telemetry is based on all travel-themed spam (by volume) received in Europe between April-June 2024

• The US reigns supreme as the top source of travel-themed spam, with 38% of emails originating from IP addresses in the country. Over 60% of the remaining travel-themed spam by volume originated from IP addresses in Europe, South Africa and Asia.

Email Travel Scams: Trends and Examples

Airlines, Surveys and Pillowcases

As mentioned, Bitdefender antispam filters marked half of the travel-themed spam (by volume) as a scam. While the unsolicited correspondence marked in this category varied immensely, researchers noticed multiple scam campaigns were localized for consumers across the globe.

One example that comes to mind is a scam campaign that used the name of Marriott, one of the world’s largest accommodation providers. Recipients receive an email that says they have won or can win a luxury pillow set from Marriott by taking a short survey. To claim the prize, users must pay for shipping.

The BBB also received reports of similar scams, in which victims claimed that they were overcharged (nearly $80) and never received their “prize.” Victims also said that they closed their accounts or credit cards.

Subject lines include:

- We have surprise for marriott customers

- Sleep like you re on vacation marriott luxury pillow set available now

- Marriott luxury pollow s 2 piece set survey for incentives

- Top prize you ve won mariott pillow set

- Congratilations enjoy your marriott pillow set

Another hot topic in the travel-themed scam agenda this year includes bogus gift cards and giveaways in exchange for filling out surveys. Most of these survey or gift card scams were recycled versions of scam campaigns we reported in 2023. Some of the most impersonated airlines include Delta, Southwest, United, Ryanair, Lufthansa and Virgin Australia.

Fraudulent subject lines include:

- Congratulations Southwest Airlines visitor

- Get Rewarded: Your 2024 United Airlines Survey is Here!

- BONUS: $50 SOUTHWEST Gift Card Opportunity

- Delta Airline reward - Open immediately!

- Congratulations gift card worth Sek 5 000 for Ryanair

All analyzed samples containing keywords such as ‘free gift’ or ‘gift card’ that were accompanied by the name of prominent Airlines in North America, Europe or Australia were scams.

Virgin Australia Case Study

While most airline-themed surveys and giveaways are straightforward, with recipients asked to answer just a couple of bogus questions, followed by a prompt to fill out personal information and credit card numbers, one campaign impersonating Virgin Australia Airlines steals the show in this year's survey scams topic.

What started as a run-of-the-mill scam to win a $1,000 Virgin Australia voucher turned into a survey nightmare – with over 40+ interactions, pop-ups, and multiple chances to win additional prizes.

Besides the obvious ruse, this campaign shows that scammers are keen on perfecting their doxing practices. Some of the questions appeared to have been specifically chosen to gauge specific interests of victims, their income, and other details that could be used in other scam campaigns.

The scam survey asked for names, emails, birth date, full home addresses and phone numbers. Phone numbers were used to validate “entry” and used to contact winners. Some of the mandatory questions were about the type of charity organization recipients want to support, annual household income, marital status, solar panels, clairvoyance and horoscopes, property ownership,  mortgage payments,  cruise deals, favorite retail stores (listed names, Coles, Bunnings and Amazon).

Airbnb and Booking.com phishing campaigns

This year’s travel-themed scam agenda wouldn’t be complete without phishing campaigns targeting Airbnb and Booking.com hosts and customers. Some of the phishing campaigns aimed at tricking hosts into handing over their login credentials, while others deployed a malicious payload onto devices. The scam emails purporting to come from Airbnb said that user accounts were suspended to security reasons–such as exceeding the maximum number of login attempts.

Booking.com phishing emails were designed to look like a message from the online platform notifying hotel managers that one of their guests needed to get in touch with them ASAP to arrange the return of some forgotten belongings.

Malicious Booking.com phishing variant targeting Brazil

A malicious campaign impersonating Booking.com targeted recipients from Brazil. The bait was a confirmation for accommodation at a hotel, accompanied by a malicious attachment “COMPROVANTE.PDF”

Malware analysis by researcher Victor Vrabie revealed that victims in Brazil were targeted by Astaroth malware (Guildma), a prevalent banking Trojan and information stealer in South America first spotted in the wild in 2017.

Guildma is a highly versatile information stealer that can extract sensitive info from banking services, online platforms and email services. On top of its data harvesting capabilities, Guildma (aka Astaroth) can execute files and download additional payloads onto compromised systems.

Safety Tips

Increased digital activities, summer travel, and hotel bookings mean cybercriminals are just getting started with their travel scams and phishing attacks.

Here’s how you can protect your accounts, data, identity and finances:

1. Ignore all unrequested or unsolicited emails. If you’re after deals and promotions, ignore those that sound too good to be true and head to official websites and platforms to check for up-to-date listings and deals from legitimate service providers.

2. Be extremely wary of attachments. Urgent messages associated with attachments should be handled with extreme care. Any booking confirmation you receive via email should be verified by accessing your account on the official platform or app (no accessing links in the email). Whenever in doubt, contact the platform/provider directly.

3. Hover over any URLs to ensure you’re not directed to look-alike domains.

4. Ignore all unsolicited correspondence regarding survey participation and giveaways from airlines that promise you cash, frequent flyer miles or other gifts such as electronics

5. Never provide sensitive information, including credit card numbers, social security numbers or any other form of ID via email through unrequested correspondence

6. Install a security solution on your devices to protect against malware and phishing attacks.

7. Use specialized scam detection tools like Bitdefender’s Scamio to detect potential scams. If you suspect someone is trying to scam you, check with Scamio. Send any texts, messages, links, QR codes, or images to Scamio, which will analyze them to determine if they are part of a scam. Scamio is free and available on Facebook Messenger, WhatsApp and your web browser. You can also help others stay safe by sharing Scamio with them in France, Germany, Spain, Italy, Romania, Australia and the UK.

Get award-winning protection and a cybersecurity ally this summer by choosing Bitdefender.

Travel, browse, and shop while attending summer events or longing by the hotel pool, knowing that your data and devices are safe.

Moreover, we’ve also added a new and free layer of defense dedicated to fighting dangerous emails. Bitdefender Email Protection integrates with your Gmail and Outlook to watch over your mailbox and protect your money and credentials.

Let us handle cybersecurity needs this summer and beyond by opting for our special summer sale packages.

Note: This article is based on spam samples  provided by our dedicated Bitdefender Labs researchers Viorel Zavoiu.