Researchers at Google have published a report on the latest scam trends, noting an increase in travel-themed scams targeting people preparing for their summer vacations.
“Ahead of the summer vacation season, our teams have observed a spike in travel scams,” the researchers write. “Fake travel websites lure users into booking travel with a promise of ‘too good to be true’ prices, experiences, or discounts.
These deceptive sites often imitate well-known hotels or pose as legitimate travel agencies, a tactic particularly prevalent during holidays and major events when people book travel via messaging apps or phone.”
Threat actors are also using commodity phishing kits to launch waves of package delivery scams that trick people into sending money or visiting malicious websites.
“Package tracking scams exploit the widespread use of online shopping and package delivery services by sending fraudulent messages that appear to be from legitimate delivery companies,” the researchers write. “These scams often trick users into paying additional ‘fees’ that real delivery services would never request.
Our teams have observed these scams impersonating a wide array of global brands. A key tactic is how quickly scammers adapt their websites and messages, often changing content based on when the link is sent to a user. They achieve this rapid deployment using phishing kits like Darcula and Xiu Gou, which mimic legitimate websites and brands almost instantly.”
Additionally, attackers continue to bombard users with SMS phishing (smishing) messages impersonating road toll providers.
“A toll road scam involves scammers sending fraudulent text messages claiming that you owe unpaid toll fees,” Google says. “These scams share patterns with package tracking schemes and are often orchestrated by the same bad actor groups. This, too, is a global threat, and we’ve observed that attackers will ‘follow the sun,’ first sending scam messages mimicking toll roads in Europe, then in the East Coast of the US, then in the West Coast, and onwards over the course of a day.
These messages aren’t always the most realistic — our teams have seen cases where users are spammed with toll road fees in states that don’t operate toll roads.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Google has the story.
Here's how it works:
