Here's a new acronym to be afraid of: CSIM, or Client-side injected malware.
This is an intrusion that occurs via a customer's browser and comes from items such as widgets, advertisements and spyware scripts that have been both intentionally and unintentionally installed.
Anti-CSIM vendor
Namogoo has analyzed the
travel industry and found some real vulnerabilities — CSIM-infected computers have jumped from 5% to nearly 30% of visitors to travel and hospitality sites.
More than ever before, malware developers are targeting travellers with Client-Side Injected Malware (CSIM) that drastically alters the travel purchasing experience.
Unbeknownst to the vast majority of travel brands and website publishers, CSIM is eroding brand integrity much faster than other, current loyalty dynamics in the space.
The vulnerabilities for travel brands include malware that pops up with competing offers, thus pulling shoppers away and into someone else's funnel, as well as false ads and injected surveys that affect the site's overall user experience while also impacting revenues.
Vulnerable users are those that have certain extensions installed in their browsers or that have unintentionally downloaded something that includes the CSIM.
There's no real way for the user to know that the malware is coming from their local computer, and in many cases the malware interface is built to not look so far outside of the normal as to be suspicious to the average user.
Of course, to us, it's obvious that the overlay is a bit odd given the junky design — as in this British Airways example:
The user may not also realize how to eliminate the CSIM themselves as it's not always clear what extension or download triggered the problem.
That makes it even more essential for websites to protect themselves from clients that have not safely managed their own browsers.
Other examples of what a malware-infected travel sites would look like on
Delta,
Booking.com,
Hilton,
JetBlue and
Starwood. To be clear, this is "client-side" malware, which means that it comes from the customer and not the website itself.
The company's analysis has found a higher rate of infection among travel aggregators. The financial impact could be significany. With $750 million spent on travel ads in 2013, each invastion costs money.
Namogoo estimates that $80 million to $100 million of that was siphoned via CSIM. That's $11 for each $100 in ad spend!
Given the higher value of the average purchase in travel, there is a very real loss of revenue that could occur with any unwanted or unknown interference with a customer's purchase path on a travel site.
Read the full report
here.