Consumers’ online searches for inexpensive airline tickets may end up costing them more than they bargained for if they’re not careful.
Panda Security today warned that bogus cheap ticket sites have cropped up in order to separate people from their credit card numbers. Hunting for airline tickets using an Internet search engine can lead hopeful travelers to these sites.
Panda said the sites include a form asking for personal data, including credit card number, expiration date and verification value. Once that data is entered and the “buy ticket” button is clicked, an error message comes up telling the user that the transaction could not be completed. It gives instructions on how to pay for the ticket by postal money order.
Scammers Getting Imaginative
Consumers may be fooled because they typically find the site on their own. “It’s actually the buyer, in searching for the best prices online, who goes to the fraudulent Web page,” Luis Corrons, director of Panda’s research lab, said in a statement. “This creates a false sense of security that can lead users to proceed with the transaction.”
Phishers are trying to stay one step ahead of a public that has become more wary of e-mail scams, one analyst said.
“As people become more suspicious of unsolicited e-mail, we’ll see more creative ways to set the lure such as this,” Jonathan Penn, principal analyst, identity and security, Forrester Research, told TechNewsWorld.
Panda said the discovered sites had been shut down, but warned that others like it would probably appear. Although requiring a bit more time to set up than bogus e-mails, these sites are still worth it to phishers.
“This is as simple to do as a phishing attack: The lure is set through search engines rather than bulk mail. It shows a bit more patience, but we already see that being displayed in many other areas by fraudsters and identity thieves,” Penn said.
The best way to avoid these scams is to use common sense: Know who you’re giving your private information to.
“People should go to sites they trust or are peer-rated as trustworthy in shopping portals like Yahoo. We’ve seen other phishing attacks whose goal is just to capture personal credentials, rather than to engage in a fraudulent transaction,” Penn said.