Airlines must protect their customers from cyber fraud – otherwise they face new consequences

Philippine Airlines recently suffered a subtle but very damaging cyberattack involving fake flight offers. Instead of directing users to the airline’s official website, fraudulent ads lured them to a fake version that stole credit card details.

The airline has been forced to warn its customers that no such offer exists and that by accepting these false offers they are putting themselves at risk of identity theft and fraud. Unfortunately, this is not an isolated case. UK-based Lloyds Bank warns that holiday purchase scams have increased by 7% in the past year, with victims losing an average of £765 (over $950).

In fact, sophisticated impersonation attacks are on the rise across industries, and companies – including airlines – have not yet found effective solutions to combat them, relying solely on customers to spot the signs of fraud themselves.

Financial regulators are increasingly requiring banks and fintech companies to compensate customers defrauded by such scams. Airlines should not be surprised if they are presented with similar legislation. In this case, they will have to prove that they are taking reasonable steps to protect their customers from fraud – and compensate them when those protections fail.

Regulations that prioritize customer protection are increasing

As identity fraud on websites becomes more common and sophisticated, legislation is blaming fake brands for their lack of customer protection. For example, the INFORM Consumers Act requires online marketplaces to verify the identity of suspicious e-commerce sellers to prevent criminal behavior. In the UK, the Financial Services and Markets Act requires banks to refund fraudsters.

However, advances in artificial intelligence are now making it easier and faster for fraudsters to spoof digital brand assets like apps and websites in ways that are more convincing than ever before. The fact that fraudsters act quickly doesn’t help, but it can take weeks for victims of a scam to realize their loss or that their privacy has been breached. By the time anyone realizes a scam is afoot, the criminals have already moved on.

Cyber ​​fraud in air travel reaches new heights

Similar customer-focused laws are also expected to hit the airline industry, which is fast becoming a popular target for cyber fraud. Lloyds Bank found that airline tickets are the most commonly sold counterfeit travel-related items. Most flights are booked online, cross-border and through third-party providers, making it easy for fraudsters to avoid skepticism and deceive consumers with convincing false materials.

One reason these scams have been so successful is that rising prices after the pandemic prompted customers to search for cheaper deals on social media and lesser-known websites. In addition, rising fees don’t always arouse suspicion, as airlines often add fees at the last minute. It’s not surprising, for example, that one scam victim believed the price of his JetBlue flight had increased by over $100 in a matter of minutes.

Fraudsters use a range of methods, including phishing attacks targeting employees and customers. In addition to fake emails and fake websites, criminals also send messages to customers complaining about flight disruptions on social media, asking them to contact them privately to “rebook” their flight.

Fraudsters buy ads that look like genuine airline links and use techniques like SEO poisoning to get them to appear at the top of Google search results. They even edit phone numbers on Google to redirect customers to their fraudulent hotlines.

When a customer enters their login credentials on a fraudulent website, they are immediately vulnerable to account takeover (ATO) attacks. Fraudsters can then access the customer’s bank account, use their personal information for identity theft, or – a crime particularly common in the airline industry – exploit airline loyalty and frequent flyer programs to steal miles, points or their equivalent.

Companies come under pressure

Despite rising air travel prices, airlines are struggling to make a profit. Rising raw material costs and tough competition are making it difficult for many companies to recover from the COVID-19 pandemic.

Airlines already lose about 1.2% of their mobile and website revenue annually to fraud, which equates to at least a billion dollars annually. In addition, reputational damage is estimated at about 140% of all reported losses. Airlines spend too much money on expensive tools that search for and take down fake versions of their websites, while only treating the symptoms of the problem, not the cause – while customers continue to be scammed. If companies had to start compensating every fraud victim, it’s unclear how many would survive.

Legislation on financial fraud focuses on companies’ failure to adequately protect their customers from fraudsters. If airlines start taking proactive measures now, future fraud schemes will be much less successful.

What can airlines do to protect their customers?

Airlines can take a number of steps to prevent their customers from falling victim to fraud. First, they should improve basic account security for customers and employees, for example by implementing multi-factor authentication (MFA).

Additionally, fraud detection tools with advanced analytics and AI should be deployed, either in-house or outsourced to fraud specialists. These protect the brand’s digital assets from identity fraud and provide more insight into the scope and scale of the attack, so that even individual victims can be identified. Real-time protection systems can alert both the impersonated organization (in this case, the airline) and the customers who visit the fraudulent websites, allowing companies to avoid accusations of inadequate customer protection.

It’s also helpful to integrate your booking platform into a single website. You need to be able to track all of your ticket sales in real time, whether they’re online, offline or through third parties, and monitor them from a central location. This will help you spot early signs of suspicious activity.

It’s still important to educate consumers to recognize the warning signs of potential scams, although this isn’t enough as a strategy alone. It’s important to alert customers to warning signs like typos, unofficial URLs or email addresses, and urgent language. Publicize due diligence measures, such as checking for official markings on a website and only entering data on secure pages, and establish clear methods for customers to warn of potential scams.

Every airline should have an incident management process in place, including a first responder team trained to deal with difficult situations. You need to maintain good relationships with partner organizations and government anti-fraud teams around the world so you can tackle crime anywhere.

Airlines cannot afford to ignore cyber fraud

With the rise of cyber fraud in aviation and the looming threat of companies being held legally liable, airlines must act quickly and implement proactive customer protection. With robust cyber defense and fraud detection tools, airlines can reduce the number of successful digital identity fraud attacks while protecting customer information from such attacks.

Such anti-fraud measures are something airlines can and must take to demonstrate that they take protecting their customers seriously, and that they are well positioned to withstand the passage of stricter laws.