Thomas Cook’s former breach detection contractor has warned of a sharp spike in scammers setting up fake websites to lure ex-staff and customers alike.
Digital risk biz Skurio said it has spotted “a flurry of web domain registration activity” focused on Thomas Cook-themed domain names. These appear to have been set up by scammers looking to make a quick buck out of the desperate, stranded and newly unemployed alike.
The world’s oldest travel agent, which also had its own airline, collapsed into liquidation at the end of September, taking 9,000 jobs with it. The Civil Aviation Authority is in the midst of a two-week rescue operation using chartered airliners to bring holidaymakers back home, with 44 flights ferrying passengers just today.
Thomas Cook had hired Skurio to keep an eye out for any data breach evidence that popped up on cybercriminals’ known online hangouts. Its service “looks for domains set up with subtle spelling errors or additional terms a customer might expect to see,” said the infosec firm, “in order to send phishing emails, create fake social media accounts or capture customer details online.”
Since Thomas Cook’s liquidation announcement on 23 September, Skurio said it had detected 53 new domains with names relating to Thomas Cook in just seven days. While acknowledging that “some of these have been registered with good intentions and for legitimate purposes”, it also said – unsurprisingly – that a “significant number” had been set up “in order to exploit ex-employees and customers of Thomas Cook, particularly those seeking advice or compensation.”
“Customers should visit the dedicated CAA site https://thomascook.caa.co.uk/ for information about compensation claims,” advised Skurio.
Scammers have long targeted popular events in order to catch a few gullible marks. Chinese students were recently seen to be being targeted by a visa scam that used a fake police website. Every year there’s always a flurry of tax-related scams around the end of the tax year, with phishing site operators setting up fake tax return websites to hook the time-crunched and desperate.
Infosec biz Palo Alto Networks goes as far as to advise corporate sysadmins to simply block access to any domain less than a month old. Perhaps that’s sound advice.