Written by Andrea Feldman, Senior Cyber Threat Intelligence Analyst at BlueVoyant
Fraudulent cyber-attacks targeting the airline industry are a common issue largely seen coming out of the underground, such as the deep and dark web. According to RSA Security, airlines are the industry most affected by online fraud, accounting for 46% of fraudulent transactions. As a result, the financial costs for airlines are huge with losses due to fraud estimated at 1.2% of the total global airline revenue.
Over the past few years, there has been a significant spike in threat actors targeting the aviation industry worldwide, due to airlines’ increasing reliance on online booking and reservation platforms. These online tools make it more convenient for customers to purchase airline tickets and have become an industry standard. However, it has also enabled fraudsters to exploit vulnerabilities in online systems. The significant disruption and increase in remote work caused by the COVID-19 pandemic has also caused an increase in fraud in recent years.
Analysing Fraud in the Underground Market
Posts offering flight tickets or compromised accounts with frequent flyer miles or reward points at advantageous prices are very common in underground forums, chat platform groups, and even on social media. Threat actors commonly sell flight tickets at reduced prices by using compromised credit cards to purchase tickets. These kinds of posts are frequently seen in the underground market targeting airlines worldwide. Threat actors typically purchase the flight tickets a few hours before the flight, reducing the likelihood of the airline identifying the fraud in time.
Compatible BIN numbers
It is also common to see posts in underground forums where threat actors seek specific credit card BINs that perform well when booking with certain airlines.
Compromised Travel Agent Consoles
Nevertheless, some threat actors obtain tickets by hacking travel agents’ accounts or conducting fake bookings. Examples include threat actors plotting in an underground forum offering access to a travel ticket panel for sale.
Messages from a threat actor can include mentions of the fake travel panel and its ability for users to instantly issue plane tickets under any name, on any airline, or to any destination. Furthermore, the threat actor can note that the access originates from a large, legitimate company with many accounts, which increases the difficulty for the breach to be detected.
Compromised Frequent Flyer Accounts
Frequent Flyer programs are also heavily targeted in the underground market as another way to issue fraudulent flight tickets. Threat actors offer compromised frequent flyer account credentials for sale, often at advantageous prices. These credentials, which include frequent flyer miles or reward points, are obtained through fraudulent methods such as phishing or hacking into customer accounts. The attackers then steal points or miles and redeem them for flights or other rewards. Access to the compromised accounts themselves is then sold separately.
Fraudulent activities can lead to financial losses for an airline due to chargebacks, increased operational costs for fraud prevention, and damage to the airline’s reputation.
Mitigation of Aviation Fraud
To combat this kind of fraud, it is crucial to enhance security measures and ensure the effectiveness of fraud prevention systems. Employee training and awareness are also essential components for implementing prevention techniques.
Given that fraudsters continuously adapt their methods, it is important to:
· Regularly review and update fraud prevention policies and procedures to address evolving threats
· Conduct thorough internal audits to identify any gaps or exploits in existing systems and processes
· Stay informed about emerging technologies and industry standards to leverage innovative solutions for fraud prevention
· Enforce Multi Factor Authentication (MFA) for user accounts, and ensure password policies are effective and up to date
· Airlines should be monitoring for phishing websites impersonating them, compromised accounts sold in the underground and other fraudulent activities in the dark web.
As the risk of fraud within the aviation industry continues to pose a threat, organisations must be prepared to implement stringent security measures. Companies should look to partner with cybersecurity partners which offer impersonation and fraud detection solutions. They must also implement dark web monitoring and brand protection services, essential to actively monitoring underground communities. This will enable companies to stay ahead of fraudsters, helping to triage the most serious threats that can otherwise have a severe impact on an airline’s reputation and customer experience ratings in a significantly competitive market.
