Conal Whetten, a Cyber Supervisory Special Agent at the FBI, has advised air passengers to be wary of several website domains that have been set up by cybercriminals to imitate those of airports.
Whetton says these bogus domains are growing increasingly more sophisticated and present a significant threat to the air travel industry, including for passengers.
These websites are usually built around a domain name that resembles that of the official organisation being spoofed. There will often be just a letter missing or added, or other tricks may be used, such as using an “r” and “n” together to simulate an “m”, so visitors may not immediately notice the difference. The websites themselves often accurately replicate official logos and colour and font schemes to further convince prospective targets. Sometimes the writing style may even be faithfully reproduced.
As to why they go to such lengths, Whetten said:
“They do this to steal personal and business data, and US airports are an attractive target for cyber-actors because there is a rich environment of business and personal information.”
This problem is of course unlikely to be particular to US airports, because cybercriminals are often quick to replicate successful attack techniques. Cybercriminals are likely moving away from scams centred on the coronavirus pandemic and seeking new opportunities. With non-essential air travel now allowed, scammers may well shift their focus, if they have not already, on to phishing campaigns that seek to trick users by offering attractive travel deals.
Whetton also suggests cybercriminals may be complementing this with malicious Wi-Fi hotspots in airports. He said:
“Cyber-actors can capitalize on this sector by creating spoof domains and Wi-Fi networks, which can trick both passengers and airport operators into interacting with malicious websites or emails.”
Air travellers often have time to pass before boarding, so they may be inclined to log into a public Wi-Fi network provided by the airport. Unfortunately, they may inadvertently log into one that’s been set up by a malicious actor, especially if they are redirected to a sign-in page that looks much like the official one of the airport. These hotspots then have access to the internet traffic going through them, allowing them to read unencrypted data or redirect users to malicious websites.
Whetton says anyone unwittingly giving up data to cybercriminals can face consequences, saying:
“They can use your social media lists to scam your friends and family, even order fraudulent purchases from online businesses, ultimately leaving you with the bill.”
Good cybersecurity practices are always important, but especially in airports and other public spaces where the security of a Wi-Fi network cannot be guaranteed. At Pro-Networks, we can provide cybersecurity training as part of our IT support and services because we understand the importance of having an educated workforce that can identify potential cyberattacks. We also offer guidance on technologies, such as multifactor authorisation, to mitigate the effects of compromised user logins.