Having your online data locked may be the last thing on your mind when rushing into the airport to check departure times and work emails.
Add to that the coronavirus concerns and “we can expect travelers to be very distracted and let their guard down,” said Daryl Crockett, CEO of ValidDatum, a data management and cybersecurity company.
Hackers have advanced tactics to prey on online victims, and fraudulent airport Wi-Fi is just one of the ways they trick travelers. Hank Schless, senior director of security solutions at cybersecurity firm Lookout, points out that we may have been taught to install protections like antivirus software on our computers, but our personal devices remain vulnerable – and a point of view. privileged entry for cybercriminals.
“They take advantage of the trust we have in these devices against us and know that they are a treasure house of personal and corporate data,” said Schless.
Here are seven ways travelers can protect themselves from hackers.
The public WiFi that we often rely on far from home can be filled with cybersecurity landmines. Places travelers linger – like airports, train stations, and coffee shops – can be prime targets.
“Although many airports offer free Wi-Fi connectivity, you should make sure that you join the actual official airport network and not a similar network that is configured to trick travelers into giving up their usernames and words. password, ”Jeff Sakasegawa, trust and security architect for fraud protection firm Sift, said.
Schless said attackers have been known to set up fake networks with compelling names like “Starbucks_Guest_WiFi” or “Free_PennStation_Internet”, where they can hack your device. This method can route all of the victim’s traffic through their system, which could expose their sensitive work data or personal information, such as login credentials.
Hanson said travelers should treat their use of public WiFi “like someone is looking over your shoulder” and avoid logging into sensitive accounts like your bank, healthcare provider, or even the media. social.
Another significant risk for travelers is using a charger that is not yours, Schless said. He warns against accepting a stranger’s offer to borrow his charging cord.
“Attackers can exploit USB cords and load malware onto them that loads onto your device the second you plug it in,” he said.
In 2019, the Los Angeles County District Attorney’s Office warned travelers about the USB charging scam, also known as “juice jacking.” They discouraged travelers from using charging stations that could expose devices to malware attacks that can lock down devices and then export sensitive information like passwords and bank account numbers.
If your personal devices are programmed to automatically connect to WiFi networks, Hanson recommended turning them off during travel.
Additionally, she said, travelers should turn off their WiFi and Bluetooth when not in use for added protection.
An added bonus: you will save precious battery power.
To stay up to date on your accounts while traveling, Crockett has asked travelers to turn on alerts for their credit card and banking apps. This will allow the company to alert you to any unusual expenses or connections.
Crockett also advised travelers to know how to lock their debit or credit cards before they hit the road. If you lose or misplace them during the trip, you can lock them to prevent fraudulent use.
Rather than relying solely on a password to unlock accounts, Hanson suggests adding two-factor authentication – requiring both a password and a unique code. Even if a hacker had your password, they would need to physically have one of your personal devices to obtain the second step code.
Better yet: Hanson suggests enabling biometrics – i.e. a fingerprint or facial ID – to open your devices or apps.
Crockett recommended that travelers get a virtual private network (VPN) that will encrypt most data sent and received by phone or laptop. She suggested going to McAfee to find a package that offered VPN protection for multiple devices. Many workplaces also offer VPNs on company devices.
Hanson cautioned against using a free VPN. “If it’s free, you could be the product,” she said.
Another option is to download a security app for your phone to prevent mobile phishing attacks.
The most common way for attackers to steal login credentials these days is through phishing campaigns designed by social media, Schless said. By pretending to be an airline, credit card company, or online retailer, there is less chance that a scam will be detected or blocked by automated protections.
“On mobile devices, these campaigns can be run through SMS, email, social media platforms, third-party chat apps, games, and even dating apps,” Schless said.
For example, Crane Hassold, director of threat intelligence at Abnormal Security, a cloud-based messaging security platform, said he recently noticed cyber attacks targeting travelers posing as the Transportation Security Administration by mail. electronic.
Here’s how it works: A scammer will send an email telling the recipient that their TSA PreCheck needs to be renewed. The link in the renewal email leads to a fake but apparently legitimate site where hackers can accept payment and steal a victim’s personal information.
Although the TSA sends renewal reminder emails, travelers should go directly to the TSA website for information on their existing accounts.