Share
British holidaymakers are facing a chilling new threat as cybercriminals are selling every detail of their vacations – from passport scans to hotel bookings, even discarded boarding passes – on the dark web.
A new report by NordVPN, in partnership with Saily, reveals a thriving black market where personal travel data is being peddled for as little as £8.
The investigation uncovered thousands of listings for stolen travel documents and booking information. Scans of verified UK passports, if recently compromised, can fetch upwards of £4,000, while older or invalidated versions can still be bought for a mere £8.
These compromised documents can be used by fraudsters to open bank accounts, apply for credit cards, and ultimately steal a victim’s identity.
Worryingly, hacked details for hotel reservations, British travellers’ passports and bookings are openly for sale, with criminals offering steep discounts of £200 or more to buyers. This means an entire holiday could be hijacked, with scammers potentially claiming refunds, making fraudulent charges, or even brazenly using the reservation themselves.
“Every aspect of your holiday is now being put on sale by cybercriminals,” stated Marijus Briedis, Chief Technology Officer at NordVPN.
“The best way you can protect yourself against these types of fraud is to ensure that all of your devices are kept updated with antivirus software and make sure that anything related to your holiday booking is saved in a secure place.”
An example of holiday booking fraud available for sale on the dark web
Why are travel documents being targeted now?
The report highlights that travel documents are highly coveted by criminals due to their rich data content, including full names, dates of birth, passport numbers, email addresses, phone numbers, and payment information. This comprehensive data provides a “passport to your life” for scammers.
Travel documents can fall into the wrong hands through various methods, including malware infecting devices, email account hacks, data breaches at airlines or travel agencies, and even phishing sites impersonating official portals. Physical documents like discarded boarding passes at airports can also be collected and exploited.
Experts urge travellers to be vigilant. Vykintas Maknickas, CEO of Saily, noted the rise of AI-powered phishing scams: “With AI tools now easily accessible to criminals, these phishing attempts have become simple to make, remarkably convincing and difficult to tell apart with the naked eye.”
To protect themselves, holidaymakers are advised to store sensitive travel documents in encrypted digital vaults, verify URLs before submitting information online, avoid leaving boarding passes in public and regularly monitor bank accounts for suspicious activity.
Reporting lost or stolen documents promptly is crucial, as invalidated passports are “practically worthless on the dark web,” according to NordVPN.
Related Posts
Discover more from Tech Digest
Subscribe to get the latest posts sent to your email.