By Sarene Lee
As Eid al-Fitr draws near, many Malaysians will make travel plans to reconnect with friends
and family after the Ramadan fasting period. This, however, is also a period that threat actors
will exploit for opportunistic gains. After all, who can resist the bright allure of vacation deals
and online travel discounts?
At Palo Alto Networks, we have seen evidence that adversaries have already begun to
experiment with and leverage AI in their attack methods [1]. This Eid, threat actors will seize on
the demand for travel deals and tickets to unleash a flurry of AI-driven scams, particularly
through social engineering and phishing. In 2023 alone, over RM1 billion was lost to scams
and scam ads according to PDRM.
One prevalent scam that Malaysian travelers need to watch out for is the AI-generated fake travel
deal promotion. Cybercriminals have leveraged the prevalence of gen AI to produce
extremely realistic emails, texts and social media posts at scale, advertising
too-good-to-be-true travel package offers that appear to come from major airlines, hotel
brands or online travel agencies.
For example, you might receive an email claiming to be from a popular Malaysian travel site
advertising a luxurious 6-night stay at a 5-star resort in Bali for only RM500 – including flights.
The compelling ad copy, familiar branding and formatting could easily fool people into
clicking through to a rogue site designed to steal payment details and install malware.
Another scam employs AI-generated deepfake audio or video to power social
engineering attacks that exploit fears around travel emergencies and crises. Using
sophisticated voice cloning and facial mapping, scammers can create fake videos of loved
ones claiming to have been mugged, injured or arrested while traveling abroad. They then
make urgent pleas for money transfers to pay for emergency expenses.
You could receive a distressing video call that appears to show your parents or siblings
claiming their passports and belongings were stolen. With the realistic deepfake audio and
video, it’s understandable that panicked victims might quickly transfer money to the
provided account before identifying the deception.
Smishing attacks represent another growing travel threat to be aware of. With smishing, you
receive AI-crafted SMS messages about fake flight cancellations, schedule changes or new
travel fees that must be paid. The context-aware language models allow these messages to
be precisely personalized with details like your name, flight numbers and travel dates to
heighten authenticity. The malicious link directs users to a phishing site aimed at harvesting
login credentials for account takeover fraud.
Here are some essential tips to protect yourself from these sophisticated scams this Eid:
- Be extremely cautious of any unsolicited emails, texts or calls regarding travel deals,
  cancellations or emergencies – even if they appear to be from legitimate companies
  you know and use. Verify directly through official websites and customer service
  channels before taking any action.
- Never click on links or attachments from unknown senders or suspicious messages.
  Doing so could install malware and compromise your device. Bookmark travel
  providers to ensure you’re accessing their real sites.
- When booking travel, always use reputable providers and be wary of websites with
  strange URLs or messages urging you to bypass payment portals and transfer money
  directly.
- Enable multi-factor authentication on all accounts to prevent unauthorized access
  and account takeover attempts. Use unique passwords for different sites.
- Use a reputable VPN service when connecting to public WiFi while traveling to
  prevent eavesdropping and man-in-the-middle attacks.

[1] https://www.paloaltonetworks.com.au/resources/research/unit-42-incident-response-report

While AI can significantly enhance products and services, it is increasingly being weaponized
by malicious actors in sophisticated ways. As AI capabilities continue to advance, we can
expect to see more convincing travel scams emerge.
Sarene Lee, Country Manager, Malaysia at Palo Alto Networks, said, “People’s constant
search for good-for-value travel deals creates a vulnerability that scammers will exploit. Let’s
not also forget that the travel industry is a treasure trove of sensitive customer data and data
is a currency that bad actors are extremely attracted to. While consumers need to stay
vigilant to scams, travel companies equally should stay abreast of adversaries by preparing for
zero-day attacks.”
At Palo Alto Networks, we are committed to raising cybersecurity awareness and sharing best
practices to help Malaysian consumers and businesses defend against the latest AI-fueled
threats. Stay vigilant this festive period, and enjoy safer Eid celebrations with friends and
family.