top of page

Is my travel firm at risk of a phishing attack?

Travel, tourism, and leisure are among the most impacted industries globally by cyber security, with digital fraud attempts rising 155.9% in the last 12 months.

boat on a lake

From the middle of 2022 a small but financially motivated cybercrime group – identified as TA558 by Enterprise security firm Proofpoint -began conducting cyber-attacks aimed at hospitality, hotel, and travel organizations in the Americas and Europe. These attacks are ongoing, and they exist simply to install malware on compromised systems.

And how have they been doing it? You’ve guessed it. Through waves of phishing campaigns based around malicious spam messages with reservation-themed lures such as hotel bookings. These messages contain weaponized documents or URLs in a bid to entice unwitting users into installing trojans capable of reconnaissance, data theft, and distribution of follow-on payloads. "The malware used by TA558 can steal data including hotel customer user and credit card data, allow lateral movement, and deliver follow-on payloads," the researchers said. "Activity conducted by this actor could lead to data theft of both corporate and customer data, as well as potential financial losses."

This latest ongoing attack demonstrates why it is essential that you adopt appropriate safeguards to reduce your own risks around data breaches. And there is no better time than now to put your good intentions into action. So read on to find out how you can work with the Eastern Cyber Resilience Centre to start protecting your company from the growing threat posed by cyber criminals.

So, what is phishing?

Phishing remains the most common type of cyber-attack - affecting 79% of businesses in 2023 - and results in the largest financial losses for companies. Phishing is a tactic used by criminals who try and trick you into clicking a bad link that can download malware or try to encourage you to hand over passwords or account details.

You might have heard of phishing, vishing, smishing, quishing, spear phishing, whaling, but all the names mean is that there are a lot of different ways that a cyber-criminal is going to try and obtain sensitive information from you. Criminals use all communication methods, so if a new method comes out, you can be sure a criminal will be there trying to exploit it. And these criminals are experts in getting us to act in the way they want, whether that is clicking a link or downloading an attachment.

Would your staff recognise phishing e-mails?

If a message contains any of the following, really think before you click:

Urgency “you must do this now” – here the attacker is trying to induce you to panic so that you don’t question the action being asked of you.

Authority – messages appearing to come from a boss, colleague, or company you engage with regularly, or with information they shouldn’t have unless they are genuine (your IP address for example)

Mimicry – attackers send messages that exploit your daily habits such as “please review your calendar entry – click here.”

Curiosity – enticing you with something like “breaking news.”

And remember.

  • No legitimate company will send emails using ‘' or ‘'.

  • Look at the email address, not just the sender. Do they match?

  • Check the spelling and grammar, are the domain, name, sender's name, and signature spelt correctly?

  • Did you expect to receive the email or attachment? Don't open an attachment unless you are fully confident that the message is from a legitimate contact or company.

Improve your company’s resilience to these forms of attacks by upskilling your staff’s knowledge. Take advantage of our Security Awareness Training which costs from only £220.00 for up to 50 members of your team.

Why do cyber criminals do it?

They want access to your systems but more importantly they want money – yours, your suppliers, or your customers. They don’t really care who it belongs to!

Phishing messages are usually designed to get you to click a link or download an attachment. They hope to either steal your login credentials or install malware on your systems, and once they are in your system, stealing your data is likely the next step for them. And after that they may hold you to ransom to get it back, they might just publish it all on the internet or they could simply destroy all your company data without asking for anything. Or they may just wait for an opportunity to take advantage of their position in order to steal money from you, a supplier, or a customer.

What can you do?

All phishing depends on an element of social engineering or interaction with a person, so you really need to make staff engagement and upskilling a priority.

ECRC has affordable student services who can deliver a bespoke training session tailored to your company and the risks it faces. Contact us to find out more.

Have a plan in place to deal with phishing attempts and successful attacks. Make sure your staff know how to report an attack and don’t put barriers in place to reporting, such as disciplinary action. Make sure you report all phishing attacks to

Phishing attacks can be very sophisticated and extremely difficult to guard against but making sure you know how and when an attack has taken place means that you can react in the right way. You really don’t want a staff member too scared to report a successful phishing attack and letting an attacker have an extended period of time in your systems.

The National Cyber Security Centre (NCSC) have created an enterprise Outlook add-in for staff to be able to report email phishing directly from their email box. The NCSC will the actively seek to disrupt the criminals sending these messages, protecting you from them as well as the wider community.

If you wanted to evaluate your and your staff’s knowledge about phishing, why not have a go at our fun phishing quiz?

What next?

The impact of a successful attack against your website or network can be catastrophic and lead to website downtime, loss of data and permanent loss of reputation. But all is not lost.

Here at the centre, we would recommend that you.

  1. Join our community today as one of our growing number of free core members. You will be supported through implementing the changes you need to make to protect your organisation.

  2. Consider how you can help your own supply chain and customers – it would be great if you could look at promoting the centre on our behalf. Have a look at our referral scheme to see how referring another company into the centre could benefit you.

  3. Take a look at our range of affordable student services, all which could be used by your organisation to make yourself more cyber resilient.

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing.

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need.

Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page