Cybercrooks registering spoof domains by the dozen

Customers and ex-employees of Thomas Cook are being urged to be on the lookout for fake websites and phishing scammers who may be looking to capitalize on the airline operator’s recent collapse.

Following the UK travel company’s announcement that it had gone into liquidation last month, security researchers at Skurio have stepped up their warnings for “increased vigilance” over any digital communications that use the Thomas Cook name.

The move follows the security company’s discovery of a “flurry of web domain registration activity”, which could be used to underpin phishing attacks against both Thomas Cook customers and former employees.

“Thomas Cook had contracted Skurio to monitor surface, deep and dark web sources to provide early data breach detection services,” the company said. “As part of this service, Skurio has been running automated scanning for new domain registrations claiming to offer Thomas Cook services.

“The service looks for domains set up with subtle spelling errors or additional terms a customer might expect to see, in order send phishing emails, create fake social media accounts or capture customer details online.”

According to Skurio, in just seven days since Thomas Cook’s liquidation announcement, more than 50 new website domains were registered with names relating to the travel company.

Although the security firm said some of these domains have been registered for legitimate purposes, it said a “significant number” appear to have been set up in order to “exploit ex-employees and customers of Thomas Cook, particularly those seeking advice or compensation”.

Skurio shared its list of domains with The Daily Swig. Many seem designed to dupe unsuspecting customers into thinking they are the official Civil Aviation Authority Thomas Cook site, which offers advice to those who have been impacted by the company’s closure.

“Skurio is working with Thomas Cook to continue monitoring the situation and to keep customers informed of important developments,” the company said.

“Meanwhile, ex-employees and customers are advised to treat any social media posts or emails mentioning Thomas Cook with suspicion and avoid clicking through on links they might contain.”

Staying vigilant

Large organizations are constantly under threat of having their brands leveraged for nefarious purposes online.

Moreover, as has been demonstrated in the wake of both natural disasters and terror incidents, it’s clear that cybercriminals have no qualms pinning their illicit campaigns to topical events, no matter how delicate.

Fortunately, in the case of Thomas Cook, Skurio has seen no evidence of active phishing campaigns thus far, but the company urged consumers to remain vigilant.

“To date we have not seen evidence of phishing activity, although we are aware there are reports of people being cold called and vishing,” Patrick Martin, head of threat intelligence at Skurio, told The Daily Swig.

“Our advice is basically to restrict your online research and support to the legitimate named Thomas Cook CAA site and avoid very similar looking domains/URLs.”

YOU MIGHT ALSO LIKE Cybersecurity month 2019: Citizens of Belgium urged to report phishing emails