Plane sailing for ticket scammers: How to keep your flight plans safe

You may be getting ready to jump on a plane and head off for a few days or weeks of rest and relaxation. So the last thing you need before flying is a technology related horror show. Sadly, scammers are aware of families getting ready to hit the skies, and have tailored their threats accordingly. Several trip-related scams are doing the rounds right now, and we’re going to highlight some of the more prevalent ones.

Fake customer support on social media is one current major area of concern. This is often aimed at banking customers looking for assistance. The risk of this has increased since Twitter started charging for blue checkmarks, as many legitimate accounts now sport no visible means of authentication. 

With popular airline easyJet cancelling 1,700 flights between July and September due to air traffic control delays, fraudsters have been busy creating fake support accounts. For people stuck in an airport and hearing the flight is off, or getting ready to make the trip, their first reaction may be to hop onto social media for breaking advice and information.

Bogus airline accounts are directing potential victims to fake airline websites and other portals in an effort to steal credentials (and most likely any payment data they can scoop up along the way).  There’s currently somewhere in the realm of 100+ Twitter accounts using the easyJet branding. Of those, at least two have a gold verified check mark which are used exclusively for approved business accounts. Here’s the main easyJet account, for example.

The rest are a combination of “temporarily restricted” accounts, accounts set to private (and so not visible to non-followers), private individuals, video game themed(!), and more. Many of the accounts claim to be customer support and ask Twitter users to send them their mobile number for assistance. If you’re not talking to the verified account, or directed somewhere by that account, you may end up running into trouble.

Meanwhile, scammers elsewhere are targeting folks looking to dodge some of the Arizona heat. Phony travel agents lie in wait with fake websites and non-existent plane tickets. These sites appear in search engine results or random emails promising fantastic prices. Once you’ve paid and turned up on the day of the flight, or even just tried to check in online the day before, you’re in for a nasty surprise.

The fraudster has merely reserved a seat, as opposed to booking the desired ticket. Meanwhile, they were off using your payment details to try and buy who knows what. A fraught call to your bank or credit card’s customer service department now beckons.

If you’re looking for good deals, airlines and travel agents will be able to direct you to legitimate ticket sources. If you stumble upon a site you’ve not heard of, look up reviews and keep an eye out for any reference to wrong doing. One word of caution: you may also have to check the legitimacy of the reviews, too.

A final warning: be careful what you post online. We’ve previously talked about how posting up a photograph of your home environment can reveal important information. An envelope with your address on it, a box with your full name, even being geolocated because of traceable landmarks outside of your window. Well, the same warning applies to your airplane tickets too. If you’re getting into the holiday swing of things, keep all the small bits and pieces of data related to your trip out of shot. Using the information on your boarding ticket, or even your passport, people up to no good can get a good handle on who you are and what you’re doing.

If you’re revealing your name, frequent flyer number, and passport information online then you’re a possible meal ticket for scammers. This isn’t even necessarily a case of stealing your banking data. They can potentially social engineer their way into accessing your account under the guise of you having “forgotten” your login details. Maybe they’ll sell your frequent flyer account on, or do something else to cause you a headache. They may even just wait a few months and then send a targeted phish. The sky really is the limit with scams, so keep your personal info private.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

https://blog.malwarebytes.com/feed/