Cybercriminals are targeting former Thomas Cook employees and customers with phishing sites in the wake of the company’s collapse, cybersecurity researchers have warned.
Since Thomas Cook collapsed in late September, the number of websites impersonating the beleaguered travel firm has drastically increased.
Website records collected by cybersecurity company Skurio show that hackers have bought web domains which are used to scam web users seeking information on the company.
In a blog post, the company said that more than 50 websites have been created; many of which appear to be aimed at duping consumers.
“Since the company’s compulsory liquidation announcement on 23rd September, Skurio detected the registration of 53 new website domains with names relating to Thomas Cook in just seven days,” the company said.
“A significant number…have been set up in order to exploit ex-employees and customers of Thomas Cook, particularly those seeking advice or compensation.”
- PayPal first to ditch Facebook’s Libra cryptocurrency
- ‘Mind-reading’ exoskeleton lets paralysed man walk again
- Facebook messaging encryption could ‘threaten lives’, ministers claim
Thomas Cook had previously been a customer of Skurio, with the cybersecurity firm regularly trawling the web to uncover scams aimed at customers. On average, the company encountered one or two fake websites each week.
One particular website identified by the firm, named Thomas Cook Refunds, employed the usual tactics exhibited by phishing websites. This site used the company’s logo to appear legitimate and requested details from customers including their name, email address booking numbers and other additional information.
This site claimed it would be able to provide a “refund status” for bookings made before the company’s collapse. Patrick Martin, head of threat intelligence at Skurio, told the Telegraph that other website addresses purchased since September have also been left blank. This may be another tactic by scammers to use the domains to create convincing fake email campaigns.
Some of the websites identified have been registered “with good intentions and for legitimate purposes”, the company added in its blog post.
Martin said that some may be by “genuine ambulance-chasing lawyers” with websites redirecting customers to law firms offering information on how customers can receive a refund.