04.07.2023 - When holiday season rolls around, the fraudsters are never far behind. They use special tricks to get to their victims' holiday funds. Sometimes these tricks are hard to spot, as illustrated by a case reported to the NCSC last week. Even when you are relaxing on holiday, it is still good to have your wits about you, and to be suspicious too often rather than not often enough.
Sometimes, things can go wrong on holiday. The train isn't running, you've missed your connection, the plane is cancelled or the hotel is overbooked. In such cases, you need help so that you can continue your journey. It makes sense in these cases to use a search engine to find a number for the tour operator's hotline. However, fraudsters also take advantage of this, as illustrated by a case reported to the NCSC.
When the first search result sends you to the wrong website
In the Google search results in this case, the entry for a relevant support website of the tour operator was shown in first place. However, the victim did not realise that the first results are not actually search results but are instead adverts, inserted above the real results. Although these entries are marked as "sponsored", this can easily be overlooked in the rush to sort out a holiday problem. The NCSC regularly receives reports about malicious adverts of this kind. They are posted by fraudsters to attract their victims to fraudulent websites. As a rule, the NCSC recommends that users always check the URL of the visited website, to make sure that they really are on the correct site. In this case, however, this would not have helped, as the fraudsters' method was much more perfidious.
Right website, wrong support hotline
If you click on the advert, it really does direct you to the correct website of the tour operator, where a field shows both the Swiss and international support numbers. However, the number shown leads not to the tour operator but directly to the fraudsters. How could this have happened?
The cause in this case was so-called "content injection". Here, the fraudsters are able to use a doctored link to post any content they like onto a legitimate website. This is possible if, for example, the internet address can be used to upload parameter values which are not checked and are then visible to users on the website. Even though content injection may appear harmless at first glance, it can be used in combination with social engineering to exploit this content for the purposes of fraud, as the current example illustrates.
When they call the apparent hotline, users are usually asked to install an app and provide a credit card number. Shortly afterwards, money is deducted.
- Take care when using search engines. Do not mistake "sponsored search results" for actual search results.
- Call up the tour operator's website directly and search it for support numbers.
- Never provide your credit card details over the phone.
- If you did provide your credit card details, contact your credit card provider straight away.
- Before you leave on holiday, take the time to note down important hotline numbers. This includes the number of your credit card provider, for example, so that you can have the card blocked in an emergency.
Current statistics
Last week's reports by category:
Last modification 04.07.2023