Phishing Domains Pose a Significant Cyber Risk for Major Airlines

Home , Black kite, Dynadot, ENom, NameSilo

2018 Airlines Phishing Report

Phishing domains pose a significant cyber risk for major airlines. Learn how many phishing domains for major airlines there are and how to find them. Welcome to 2018 Airlines Phishing Report

Phishing domains impersonating legitimate websites increase cyber risk. As the holiday season arrives, many buy airline tickets to travel to their loved ones or to relax in a nice place. Hackers are eager to exploit this urge of people by creating websites (phishing domains) of major airlines to steal personal and payment information. This report reveals how many potential phishing domains are registered just in 2018.

E X E C U T I V E S U M M A R Y 50 1,300+ 15% x2 Major airlines Potential phishing reduction Certified potential domains compared to 2017 phishing domains all around the world studied are registered in 2018 so but caused more damage. registered compared to ones in this research. far and expected to exceed registered in 2017.

1,600 at the end of the year.

2018 Airlines Phishing Report | 01 Recent cyber attacks against airlines 01 Hackers become more and more dangerous every year

Phishing Domain Search 02 How to find potential phishing domains

Contents Phishing domains are on the rise 03 The number of phishing domains registered in 2018 compared to 2017

We provide the report in Certified phishing sites six easy-to-follow sections 04 SSL or TLS certificates gives the feeling of trust. Hackers get certificate to get to grasp the findings. advantage of that feeling to lure more people

Top registrars

05 Top registrars used by hackers to register their phishing domains.

Learn more 06 Learn more with NormShield

2018 Airlines Phishing Report | 02 Jan. 2015 Mar. 2015 0 1 - R E C E N T C Y B E R A T T A C K S A G A I N S T A I R L I N E S

July 2016 1st Generation 2nd Generation United Airlines & British Airways American Airlines Airlines hit by serious cyber attacks caused July 2017 Mar. 2017 Dec. 2016 Asiana Airlines & Vietnam Airlines significant data breach in the last four years.

In 2015, major cyber attacks to airlines were WestJet Airlines Virgin American Hong Kong Airlines only motivated for reward points. The motivation altered to passenger information in Sep. 2017 2016 and 2017. However, it has evolved to passenger information and credit card Mar. 2018 Aug. 2018 information in 2018. In some attacks, phishing- domain use was part of the scam, as in 2018 3rd Generation British Airways data breach where 380,000 Spirit Airlines customer payment information was stolen.

Cathay Pacific British Airways

1st GENERATION 2nd GENERATION 3rd GENERATION

Goal: Reward points Goal: Personal info Goal: Payment info In 2015, customer loyalty program In 2016 and 2017, the personal data of In 2018 attacks to Cathay Pacific and accounts of United & American Airlines various airlines' customers were British Airways, besides personal data, compromised and misused. breached. Stolen data included names, customer credit card details were also Same year, British Airways customer passport numbers, travel information, breached. frequent flyer accounts compromised. etc.

2018 Airlines Phishing Report | 03 0 2 - P H I S H I N G D O M A I N S E A R C H S E A R C H T I P S

Examine the results Potential phishing domains for 50 Major airlines all The results are potential phishing domains. around the world are studied. Phishing domains are created with missing letters, letter-swapping, and many other 11 2 techniques. Airlines in Airlines in (www.singaporeairlines.com -> Europe Northern & Central Asia 11 www.sinqaporeairlines.com) Airlines in Avoid 2- or 3-letter domain names East Asia 2-letter domain names (such as www.aa.com) creates too many false positives. Because, there are too many derivatives that are actually 7 9 legitimate sites. That is also valid for 3-letter Airlines in Airlines in North America Southeast Asia domain names (klm, jal, ana, tc.). It is better to search for longer version of those domains like americanairlines.com 4 4 Airlines in Avoid generic domain names Airlines in Oceania 2 Western Asia Some airline domain names such as swiss.com, Airlines in austian.com, etc. have broad meanings and Africa may create false positives. Instead search for longer versions such as swissair.com, We search for potential phishing domains for major austrianairlines.at, etc. airlines with NormShield's Free Phishing Domain Check the creation date Search (https://services.normshield.com/phishing- The creation date of a website is a good hint to domain-search)* understand on which potential phishing domains to focus. Check the new ones first. Without creation-date limitation, there are more than 11,000 potential phishing domains for these airlines.

2018 Airlines Phishing Report | 04 * To learn more about how to search potential phishing domains with NormShield's Phishing Domain Search click here. 0 3 - P H I S H I N G D O M A I N S A R E O N T H E R I S E

There are more than 1,300 phishing domains registered in the first 10 months of 2018.

Cumulative number of potential phishing domains registered.

01 02 03 04

15% Reduction Slow start - Rapid increase Expected to exceed 1,600 Some of the domains from 2017 is still a risk

The number of phishing domains In 2018, the potential phishing The projections of increase for the Some hackers register a phishing registered in the first 10 months domains started to appear very last 2 months of 2018 indicates domain, but not necessarily start of 2018 are 15% less than the ones slowly, but rapidly increased after that the number of potential the scam right away. They may in the same duration of 2017. May, especially due to holiday phishing domains may exceed want to wait for some time. season. 1,600 (still lower than 2017) Hence, some of the domains registered in 2017 still pose a risk. 2018 Airlines Phishing Report | 05 0 4 - C E R T I F I E D P H I S H I N G S I T E S

has a valid certificate

17 % 34 % Hackers try to gain trust by getting valid certificates for their phishing domains. 2017 2018

https:// x2

FINDING #1 FINDING #2 FINDING #3

34% of domains has a certificate Certified domains doubled Techniques are evolved The padlock icon (https at the URL) indicates The ratio of potential phishing domains Every year, hackers improve their that a domain has a valid SSL or TLS with a valid certificate doubled in 2018 techniques and become more clever. certificate and a certain level of security. compared to last year. That's why It is no surprise to see the However, 34% of potential phishing increase in the number of phishing domains also has a valid certificate. domains with a valid certificate.

2018 Airlines Phishing Report | 06 0 5 - T O P R E G I S T R A R S P H I S H I N G D O M A I N F A C T S

Loss of reputation Phishing domains are exploited to target not only employees but also customers. Even The potential phishing domains are mostly though companies cannot be directly held registered by well-known and widely-used responsible for customers deceived by phishing scams, it is a loss of reputation when a registrars such as GoDaddy and NameCheap company does not take necessary measures.

One of the major cause of data breach In recent events, number of breaches caused Top Registrars in 2018 Top Registrars in 2017 by phished credentials is more than breaches

GoDaddy.com, LLC GoDaddy.com, LLC caused by other reasons such as malware and 31% 29% unpatched systems combined NameCheap Inc. NameCheap Inc. 11% 13% DropCatch.com LLC PDR Ltd. Can be used to cover tracks 6% 5% Name-blending phishing domains are exploited NameSilo, LLC DropCatch.com LLC 5% 4% not only for phishing attacks to steal credential PDR Ltd. Dynadot LLC s but also for attackers to cover their tracks in 4% 4% Tucows, Inc. Enom, Inc. malicious codes. For the recent advanced 4% 3% attacks against British Airways and Newegg, Dynadot LLC Tucows, Inc. hackers inserted phishing domains 3% 3% Internet Domain Service BS Corp. NameSilo, LLC into malicious codes to cover their tracks. 3% 2% Others Others How to monitor 34% 38% It is very difficult for a company to search entire web and determine a phishing domain that may target its employees and customers, but there are certain tools that can be used for those purposes such as NormShield's Free Phishing Domain Search.

2018 Airlines Phishing Report | 07 E V A L U A T E . R E M E D I A T E . V E R I F Y . Cyber Risk

T R U S T E D S E C U R I T Y R A T I N G S E R V I C E S Scorecards

NormShield, trusted security rating services, provides Cyber Risk Scorecard for

companies with many categories. NormShield Cyber Risk Scorecards provide the

information necessary to protect business from cyber-attacks including phishing

domains. The scorecards provide a letter grade and a drill down into the data for

each risk category so that remediation of vulnerabilities can be prioritized.

LEARN MORE

2018 Airlines Phishing Report | 08 L E T ' S G E T I N T O U C H

T R U S T E D S E C U R I T Y R A T I N G S E R V I C E S www.normshield.com/

[email protected]

8609 Westwood Center Dr. Ste 110, Vienna, VA 22182 Know what hackers already know about you.

+1 (571) 335-0222 Knowing your Cyber Risk Score equips you with the information necessary to protect your business from cyber attacks and it increases your awareness against third party risks. NormShield Cyber Risk Scorecards allow you to monitor your own cyber risks as well as @normshield the cyber hygiene of your entire vendor ecosystem. With easy-to-understand letter-grade scores, you will have a clear view of your security posture. /company/normshield