New Delhi: After targeting users of e-commerce websites like eBay Inc. and its payments unit PayPal Inc., cybercriminals are starting to train their sights on those who frequent travel and hotel industry sites, experts said. A new malware has infected the computers of one out of six Internet users in India, who checked out hotel reviews or made room and travel bookings online.
TripAdvisor Inc., a hotel-review website, recently became a victim of the bug, said Trend Micro Inc., an Internet security solutions provider. Many of TripAdvisor’s users received spam mail with booking confirmations for hotels they had checked out on the website. So far, the online company is the only known prey of cybercheats.
“A lot of e-commerce websites pay the price for being popular. Cybercriminals rely on heavy online user activity,” said Suchita Vishnoi, a spokeswoman for Trend Micro. “eBay and PayPal were the most phished websites for the September quarter. Recently, TripAdvisor, which is one of the websites where there is huge common user activity, got infected.”
Phishers, as the offenders are known, typically send out emails purporting to be from a trustworthy entity such as a bank or a credit card company, attempting to ferret out confidential financial information and passwords they use later to defraud Internet users.
One of the managers of Trend Micro, who travels a lot, was almost duped when he received an email with booking details for a hotel he had checked out on TripAdvisor, said Vishnoi. The email was detected to be spam when it turned out that the hotel didn’t exist at its purported location.
“Now a frequent traveller who has done a hotel booking or checked reviews recently, in all probability, would be prompted to click on that mail,” Vishnoi explained. “When a user clicks the attachment in this spam mail, the malware known as Gamarue becomes active. It can steal from an affected user any information left behind on emails and that saved on user’s system. It can even threaten user’s sensitive information such as credit card number, which user might be using to place an order online at that time.”
Gamarue is a family of malware that may be distributed by spam mail and steals information from an infected computer.
By the time the malware came to notice in the last week of October, it had already affected 1.89% of almost 121 million Indian Internet users, as per recent statistics compiled by Trend Micro. It affected 30% of all Internet users in Germany, 25% in Australia, 11% in Singapore, 9% in Italy, and 2% in Taiwan, among others, according to Trend Micro.
Analysts say the online travel and hotel market has become an attractive target for cybercriminals given the large volume of transactions on hotel and airline sites.
“Online travel and hotel industry constitute around 50% of the total e-commerce space. So, it is indeed a very attractive target for cybercriminals,” said Ram Badrinathan, an analyst at travel research firm PhoCusWright. “However, this segment has very low margins. The companies operating in this space are even more focused on security, because even if they lose a small part of their business, it would be a very costly affair for them.”
The Indian online travel industry’s gross bookings are estimated to reach Rs.43,200 crore by 2013; gross bookings in the online hotel segment will reach almost Rs.5,200 crore, said a recent report by PhoCusWright.
Vishnoi said it isn’t known how many users have actually had their information stolen or been cheated. Researchers are still in the process of finding out the impact of the malware, she said.
When reached for comment, TripAdvisor didn’t confirm or deny that its users had been affected.
“TripAdvisor takes appropriate security measures to protect confidentiality of its member’s information. We do not collect travellers’ credit card or financial information, and we never sell or rent our member list,” the company said in response to email queries. “All member passwords remain secure. Further, as a precautionary measure, we advise our users to not open any message from people they do not trust and ignore suspicious emails.”
TripAdvisor, which is among India’s top five travel brands as per digital market research firm ComScore Inc., globally has 60 million unique monthly visitors and 2.4 million unique users per month in India.
Vishnoi said it isn’t known whether any other websites had been attacked.
“Since this was detected in India, we sent alerts instantly to our product network to block such emails,” she said. “Other security vendors also must have stepped up their security system as well. Even though most of the travel and hotel websites are built on the business models of e-commerce websites and they follow the security measure like barriers and checks, this has happened in the past and will continue to happen.”
The online travel and hotel industry remains confident.
“The security in online travel and hotel companies is far greater than that in offline companies because of very stringent regulations,” said Keyur Joshi, chief operating officer and co-founder of MakeMyTrip.com. “In general, across the industry, companies follow highest level of security compliances.”
Hrush Bhatt, co-founder of Cleartrip Travel Services Pvt. Ltd, which averted a cyber attack aimed at stealing customers’ personal information a few months back, said the company’s team had spent months building safe payment gateways for transactions.
“Our payment gateways are designed from the ground up to make theft and misuse of customer data impossible,” Bhatt said.