How Russians Are Hacking Skyscanner, Expedia, booking.com & trivago to Get Cheap Deals

Airlines and hotel chains are attractive targets for cybercriminals, who can earn great rewards by attacking these platforms; some of these platforms even run their own vulnerability rewards programs, digital forensics experts mention.

These companies handle a wealth of personal and financial information from millions of people, as well as travel histories, reward program memberships, and more. Many companies have been attacked by these criminals, including British Airways, easyJet, Travelex, Marriott and more. With this information in their possession, threat actors act as a kind of travel agent on deep web forums, selling airline tickets, hotel reservations, car rentals and even organizing weddings in high-demand tourist destinations, all at an extremely low cost.

In a certain way, these black market travel agencies are helping many travelers, including cybercriminals, save up to 70% of what they would have paid at a conventional travel agency. 

In these illegal forums it is possible to find many underground travel agencies offering great travel deals; however, a few stand out for having thousands of customers around the world and for having made millions selling airline tickets and hotel reservations illegally. These travel agencies are a paradise of offers for any traveler, and the following stand out among them.

PATRIARH OR “THE PATRIARCH”

Service News
https://t.me/patriarhservice

This is a very popular service within Russian criminal forums. It handles all kinds of reservations, and its ads claim prices as much as 50% lower than those offered by companies like Booking.com, as mentioned by digital forensics experts.

Threads on these clandestine forums are full of feedback from satisfied customers, who praise the service. In the same forums, customers post vacation photos, often with handwritten thank-you notes, taken in front of a first-class airplane seat or in a five-star hotel. These photos function as proof that the service offered does work.

Their prices vary and obviously depend on what you want to buy; however, as in all black, clandestine and illegal markets, anonymity is crucial, so their preferred payment method is Bitcoin and other cryptocurrencies.

SERGIK00

Sergik00 is another clandestine forum that functions as a deep web travel agency. Unlike the previous entry on the list, this platform also offers car rental, excursions and even VIP weddings at ridiculously low prices. As if that weren’t enough, its team also obtains and sells all kinds of illegal or fake documents a customer may need to travel to another country, including passports and document alterations.

Publication of photo reviews of the service's work from @sergik00 (Flights, Hotels, Deposits, Car Rental, Excursions and much more)
https://t.me/sergik00_promo

Like Patriarh, this forum is full of testimonials from satisfied customers, who post photos from luxurious hotel rooms, airplanes, swimming pools, beaches and other tourist destinations. One curious thing about this platform is that the team behind Sergik00 even boasts of having served famous influencers. Its main base of operations is Telegram, although its deep web sites always show great activity.

BANTIK TRAVEL

Welcome to the channel where almost all bookings are at 25% of the price! If you want to buy, write to @batniksales
https://t.me/batniksales1

Bantik Travel is a black market travel agency that works differently from Patriarh and Sergik00. It asks interested buyers to provide details of the trip they are looking to book, with examples from Expedia or any other site that sells airline tickets and hotel reservations indirectly. Once customers provide that information, the operators of this platform create a custom list so that the customer can decide what to buy.

Similar to Patriarh and Sergik00, these vendors use Telegram and conventional offline platforms.

MOON WELL TRAVEL & MOONBEAM TRAVEL

In their ads, these platforms claim to be part of a team of professionals dedicated to providing their customers with convenient and comfortable stays. Their services include the sale of coupons for prepaid services, and they promise that if it is not possible to book the specific hotel the user wants, they can get an equivalent replacement or even a better-quality hotel at no extra cost. At the moment, their payment method is restricted to the Monero cryptocurrency.

Now that we know of the existence of these clandestine travel agencies, it is also important to understand where they get the hotel reservations and air tickets they offer for sale. According to digital forensics experts, there are currently several methods, some of which we will review below.

AIRLINE ACCOUNTS

In these forums that function as underground markets we can also find stolen airline cards for sale. These tend to be sold at auction and wholesale; this is no surprise, as conventional credit cards have been sold for years on many underground forums and black markets.

GIFT CARDS

Another way cybercriminals and travel agents exploit the airline industry is by purchasing certificates and gift cards with massive discounts that reach up to 50% of the original value. Additionally, in order to generate higher profits, these gift cards are usually purchased with airline points from stolen accounts.

Redeeming points from stolen accounts to buy gift cards is an easy way for cybercriminals to earn money fast. Gift cards can also be purchased directly with stolen frequent flyer points or may even have been stolen directly, including their security codes and everything you need to use them instantly.

INDIRECT BOOKING SITES

In these illegal markets, in addition to directly attacking airlines and hotel chains, cybercriminals exploit booking search engine companies. Some users even share exploit methods for sites like Expedia or Kayak, where they take advantage of vulnerabilities on their sites.

Although this is a profitable business for criminals, some of them like to say that they attack such third-party booking companies on moral grounds: because these companies take advantage of customers by not offering any kind of refund, they do the same to them. It’s definitely an easy way to sell something obtained at no cost.

Protect your airline accounts and loyalty programs with hotels

Just imagine that one of these hackers steals your miles or your hard-earned traveler points. To keep this from happening to you, follow the tips presented below by the International Institute of Cyber Security (IICS):

  • Always use strong passwords: Also remember to use two-factor authentication when available
  • Stay alert to phishing cyberattacks: Even if an email appears to come from your airline, if you’re asked for personal information about your account, you’d better contact them directly by the means you already know
  • Don’t expose your frequent flyer number: Boarding passes and hotel bills usually include the printed loyalty account number, so always be sure to shred these documents at the end of the trip. Additionally, never share photos of your boarding passes on social media
  • Stay on top of your rewards or points accounts: It’s easy to forget about loyalty accounts or the points we accumulate until we finally want to use them. To prevent theft, it is always important to check them from time to time, as well as to be aware of recent news about data leaks within different companies

Implementing these measures can significantly reduce the risk of your traveler information being compromised.