Scam and phishing are on the rise globally and in the META region, in particular in Q1 of 2023 South Africa, Kenya and Nigeria all saw an increase in the number of phishing attacks compared to Q1 2022¹. South Africa saw a 7% increase, Kenya an 87% increase and Nigeria a 53% increase in the number of phishing attacks in Q1 2023. A holiday season is usually the time when cybercriminals intensify their activity. The European summer time is not an exception: people are planning their vacations and dreaming of a nice time travelling or on the beach, becoming easy targets of scam campaigns.

Kaspersky has found that over the European summer months cybercriminals send out fake HR emails to employees in order to get corporate credentials. The aim is to get the phishing link clicked by the employee. In the emails, the attackers mention vacation schedule: sudden vacation rescheduling, the need to confirm the dates, or a clash with some important events. Given that many employees already have plans made, tickets bought, hotels booked, they are more likely to fall for it.

Example of a fraudulent email.

A closer examination of the above email showed that the sender was not a company employee; the “HR director” who “signed” was nameless and his signature does not match the organisation’s corporate style; hidden behind the link seemingly pointing to a PDF file was a completely different address.

It is also clear that the attackers know only the recipient’s address. The automated mass mailing tool takes the company’s domain name and employee’s name from the address and automatically substitutes them into the imitation of the link and the sender’s signature.

Even if the victim clicks the link, they can still spot signs of phishing on the attackers’ website. The link in the above email directs to the page below:


The site is hosted not on the company’s server, but in Huawei Cloud (myhuaweicloud.com), where anyone can rent space. The name of the file doesn’t match the name of the PDF mentioned in the email. There’s not a single attribute on the site to connect it to the specific company. Once the victim enters their password in the login window, it goes straight to the cybercriminals’ servers.

To stay safe and not fall victim to phishing, Kaspersky recommends:

  • Implement protection at the mail gateway level to lessen the likelihood of corporate employees encountering phishing emails. Internet-facing devices need to be protected by an endpoint security solution.
  • Hold regular awareness training for employees on the latest cyberthreats, or, at the very least, regularly inform them of potential phishing scams.
  • Stick to reputable websites: Use trusted and well-known travel booking platforms, airlines and hotel websites when making reservations. Be cautious of unfamiliar or suspicious websites that offer unbelievably low prices or ask for excessive personal information.
  • Verify website authenticity: Before making any transactions or providing personal details, double-check the website's URL for secure connections (look for "https" and a padlock icon). Be wary of websites with slight misspellings or unusual domain names, as these may indicate fraudulent activity.
  • Read reviews and do research: Research the accommodations, airlines or travel agencies you plan to use. Read reviews from reputable sources to get an idea of other travelers' experiences and any potential red flags.
  • Use a security solution: A trusted security solution, such as Kaspersky Premiumwill protect you from all known and unknown forms of scams, including travel phishing.