Support Skift’s Independent Journalism

Skift’s editors and reporters produce over 150 exclusive stories every month. We are the leading source of news for the global travel industry.

Airlines have been overwhelmed by a surge of consumer requests for refunds for flights canceled due to the coronavirus pandemic. Scammers have been eager to exploit the situation, pursuing fake refund claims and other scams at a time when airline resources are otherwise strained.

One flashpoint is so-called “social engineering attacks.” The recent surge in customers interacting with airline customer service via social media has created a larger-than-usual opportunity for swindling.

Some customers post on social media their booking reference numbers and other personal information as they try to get answers from companies. Airlines aim to combat the problem by warning customers not to share telltale information in public. For instance, United has a standard script on Twitter to warn customers who reveal too much online. United asks the customer to “please delete your public tweet as it has your confirmation number, and send us a D.M. [direct message] instead.”

Yet some con artists appear to use screen-scraping bots, or programs that trawl online looking for booking reference numbers, to catch the information before the airline prompts the customer to delete the information. The details are then bought and sold among criminals on so-called dark web, or a set of sites where users are untraceable and anonymous.

Get the Latest on Coronavirus and the Travel Industry on Skift’s Liveblog

The travel companies that Skift reached out to were not willing to discuss publicly the extent of the problem. But in the last six weeks, nine marketplaces for credit and banking card information on the dark web saw a sudden drop of up to 10 percent in price and value of cards listed, versus an average of little average price change in the past year, according to Urban Fox, a Dublin-based startup that offers fraud detection and prevention services for merchants and banks.

The drop in price suggests that there’s been a surge in cards available for sale.

Swindlers often obtain the credit or banking card information by getting online access to frequent flier accounts where the details are stored with the help of booking reference numbers and other private details. Alternatively, they try to empty the loyalty accounts by redeeming the miles for rewards in online stores

The thieves often then sell the card details on the dark Web. A common maneuver is for another con artist to buy the card details and then use the numbers to buy goods online and then resell the items for cash, covering their trails.

A separate ruse is to launder the money. A case in point: One short-term rental host based in the UK, Jānis Dzenis, said he has received in the past month four requests for dodgy bookings that smack of small-time money laundering. Dzenis said that’s a dramatic uptick in such messages.

Dzenis shared one of the messages with Skift. A person claimed to have a travel “budget” that they couldn’t spend by a deadline due to the travel lockdowns. The person said they wanted to book the host’s apartment as long as the host would promise to give back part of the money. The person gave the excuse that they couldn’t actually stay in the rental unit due to travel restrictions so they wanted a discount.

Some short-term rental hosts, desperate for income due to empty units, may accept such a bargain even if they suspect something’s odd. If they participate, they’ve helped launder money, making it harder for authorities to trace stolen data.

In another version of this type of affair, the fraudster will pay the owner with a credit card or another payment method on which the host holds the liability. Then the fraudster will likely receive back part of the money by the host. Ultimately the host will receive a chargeback for the whole amount sometime later. So at the end the host will have received nothing after paying back the chargeback and on top he will have transferred some money to the fraudster.

“Friendly Fraud”

A second problem plaguing airlines more than usual during the pandemic is so-called “friendly fraud,” where transactions are legitimate but consumers are mistakenly or wrongfully disputing them. In the typical case, a consumer requests a refund for a canceled flight while at the same time they dispute the credit card purchase with their bank, asking the bank for a chargeback.

At one payment network, Mastercard, disputes over plane ticket purchases have risen on average from about 0.5 percent on about 20 percent on average, said Johan Gerber, executive vice president of cyber and innovations, as first reported in Payment Source.

All bank and payment providers are vulnerable, experts said. Chargeback disputes take time to resolve and cost airlines resources to make sure they don’t double pay. Chargeback confusion also frustrates the ability of carriers to process a deluge of flight refunds.

A third, and a more niche, deceit is when con artists target victims individually. A small number of con artists are contacting people who have posted about travel refund hassles on Facebook or Instagram, said The Better Business Bureau, a U.S. public advocacy organization.

Scammers pose as being from an airline or consumer watchdog group, seeking information related to a recent ticket. Their goal is to trick customers into revealing financial details. Duped consumers often complain to airlines, eating up airline customer service resources.

Fighting the Wrong Problems?

Unsurprisingly, a handful of tech vendors have sprung up in recent years to protect buyers and sellers from e-commerce fraud. The companies, such as Identiq, Kount, Perseuss, Riskified, and Signifyd typically promise to verify buyer identities, detect suspect patterns in purchasing behavior, or conceal and encrypt vulnerable data.

Yet travel executives may sometimes be focusing on potential problems that aren’t draining the most revenue.

“Many executives focus on sexy-sounding attack vectors, like the risk of hackers breaking into corporate systems or launching denial-of-service attacks,” said Daniel Loftus, CEO of Urban Fox. “But at the end of the day, it’s challenging for a criminal to make money from those things.”

“Companies could wipe out most fraud if they had more joined-up thinking,” Loftus said. He suggested that different departments, such as the cybersecurity team or IT department, the accounts receivable department, the customer service team, and the social media team need to coordinate more often at many airlines and other businesses.

“My message to airlines would be that most fraud in your system is hiding among your regular transactions,” Loftus said. “I’m shooting myself in the foot here as a vendor by saying this, but airlines could tamp down on a lot of fraud by focusing on the mundane stuff and using tools they already have at hand.”

Photo Credit: An external view of San Francisco International Airport. United