As more people travel during the holidays to vacation and see their family members and friends, the odds that hackers are waiting for unsuspecting targets rises exponentially.
Travelers have a lot of down time as they wait for their planes, trains and rental cars. Many people buy last-minute tickets online for entertainment, transportation or gifts and often are using unsecured networks.
Cyber criminals take advantage of consumers who let their guard down, are in a rush and are stressed from delays in flight and train arrivals.
Here are 18 tips to avoid being scammed by hackers as they attempt to steal your identity and financial information and commit fraud.
1. Use a Credit Card for Everything
Never use your debit card while traveling.
Every time you purchase tickets or an item on your smartphone or swipe at a card reader, your credit card will protect you in the event of a hack or fraud, said Alex Hamerstone, GRC practice lead at TrustedSec, a Strongsville, Ohio-based cybersecurity company.
“A debit card will allow the criminal to withdraw your funds right away,” he said. “A credit card gives you more time to dispute the charges before they actually impact your bank account.”
2. Be Careful Where You Swipe
All card readers are not secure. It’s a good idea to bring cash or a credit card that you only use for traveling. Be judicious about where you swipe, Hamerstone said.
“You’ll have to use your card somewhere, but you don't have to put yourself at added risk,” he said.
Avoid higher risk situations such as commercial ATMs at airports, hotels and convenience stores — always use the ATM at the bank to withdraw cash, Hamerstone said. Skip the snacks on your next flight if the airline requires payment.
“You have no way of knowing if those hand-held card readers the flight attendants use are fully up to date and secure,” he said.
3. Check the Website Address Before You Make a Purchase
Before you book a hotel or car or buy tickets to see a show, especially if it’s with a company you have never used, make sure it’s the actual website for the company.
“I have been tricked by this when the top Google result is a third party,” Hamerstone said. “This is one way criminals can scam you by impersonating legitimate companies and it's harder to tell on your phone whether a company is ‘real’ or not.”
Visiting the wrong site can also cost you in other ways, like missing out on your reward points, he said. Third-party sites also make it hard to cancel or change a reservation.
4. Skip Deals That Are Too Cheap
Deals that are too good to be true usually are, so be careful when hunting for travel discounts, Hamerstone said.
“It's extremely easy for hackers to create fake sites that offer too-good-to-be-true deals or to distribute phony coupons via social media and email,” he said. “People are more susceptible to this when traveling since they’re rushed, stressed and eager to save money.”
Mobile websites require less development and sophistication than a regular browser so it is easier for criminals to create legitimate-looking sites that will trick you, especially when you are tired and distracted.
5. Never, Ever Use Free Public WiFi
The worst thing you can do when traveling is to use the free public WiFi at airports, train stations, malls or restaurants. Your mobile apps are at risk, too.
It’s easy for criminals to spoof a legitimate access point or intercept your connection, Hamerstone said. Always use your phone’s cellular connection instead of WiFi to book reservations online or to make other orders or purchases.
“You can use this on your phone or use your phone as a mobile hotspot, but either way the mobile signal will be harder for run-of-the-mill criminals to hack,” he said.
People have heard a million times by now that they shouldn't use public WiFi, but they still do it, said Jason Glassberg, co-founder of Casaba Security, an ethical hacking company headquartered in Redmond, Washington.
“But they also think that as long as they are 'only' using mobile apps and aren't surfing the web with a browser, they’re not at risk,” he said. “Using mobile apps over WiFi is just as risky and the same goes for installing new apps or updating existing apps. You never want to use an untrusted network, period,” Glassberg said.
Once you share your data, you have virtually lost all control of it.
“My data was exposed in the Marriott (MAR) - Get Report hack through no fault of my own,” Hamerstone said. “It’s better to limit your online bookings to a couple of sites rather than trying out new ones all of the time. The more places your information is stored, the more likely it is to get hacked. ”
6. Beware of “Shoulder Surfing.”
Watch out for “shoulder surfing” when you travel. This happens all the time on planes, trains and other public transportation and people in the infosec community regularly joke about it on Twitter, (TWTR) - Get Report Hamerstone said.
“You’d be amazed how often people with sensitive jobs don’t pay attention to what they are inadvertently sharing with their neighbors via their phone or laptop screen. Regular consumers also need to be mindful of this as they can expose their logins, card numbers and other details by not hiding their screens.”
7. Don’t Post Photos of Your Airline Tickets on Social Media
You might be excited to head to a new destination for a holiday, but hackers are reading those posts also.
These might contain sensitive information such as booking codes or confirmation numbers which a criminal could use to steal your identity, Hamerstone said.
8. Use a Credit Card That Is Dedicated to Traveling
When you travel, make sure that you use a credit card that is not attached to hefty lines of credit, said Thomas Hatch, CTO and Co-Founder at SaltStack, a Lehi, Utah-based provider of intelligent IT automation software.
It’s better to detach your finances because once your card is compromised it is very easy for a hacker to piggyback off the personal data to draw more funds or break into additional accounts, he said.
9. Lock Your Smartphone
When you stay in hotels and travel using public transportation, the chances are high that at some point you will leave your phone unattended where someone else can access it, said Glassberg.
“Maybe it’s just a 30-second run back up to the hotel's breakfast buffet to get more coffee,” he said. “Maybe it falls out of your pocket. Whatever the situation, it's a good idea to lock your phone with a PIN and use biometrics too, if you have that option. You should also set up lost device tracking and be able to remotely lock and erase the device.”
10. Don’t Be a Phisherman’s Friend
The holiday period attracts spammers and phishers as more people are booking travel and buying gifts.
Emails that arrive in your inbox with time-limited offers which you didn’t expect are to be regarded with suspicion, said Richard Gold, head of security engineering at Digital Shadows, a San Francisco-based provider of digital risk protection solutions.
“If you’re in doubt, go to the website itself (don’t click the links in the email) and check if the offer is valid.,” he said.
11. Post Limited Information on Social Media
Cyber criminals can derive a significant amount of data about you from your social media accounts, said Hatch.
“Avoid giving out your travel plans publicly until you have returned, he said. “Letting thieves know you are not home opens the door to not only to your home in your absence, but it lets hackers know that they will likely have more lead time before detection of you are hacked while away from home.”
12. Don’t Give Out Financial Data While Talking on the Phone
Don’t share your phone calls with the world, Glassberg said. Often people will call the hotel or car rental company while they’re waiting to disembark from the plane and they are sharing confirmation codes, credit card numbers, phone numbers and other personal details.
“If you can’t wait to do the call in private, then at least use earphones and lower the phone's volume — and don't read out your card number,” he said.
13. Don't Store Sensitive Documents/Pictures on Your Phone if You Are Crossing Borders
Custom agencies can examine any data on your phone and can reveal them, Glassberg said.
14. Don’t Sign Into Unencrypted Websites When You Travel
Unless the site begins with https, (with the 'S' on the end) it’s not encrypted and your information could be visible to others who may be eavesdropping on your connection or the site itself, Glassberg said.
15. Don’t Try to Guess the URL
When you are traveling and doing everything from your phone where the screen is smaller, it’s easier to get tricked by a fake site, Glassberg said
“Don’t make the mistake of trying to type in the website that you think is correct but may not be,” he said. “Hackers use a tactic called ‘domain squatting’ to infect people who land on the wrong URL for well-known companies. When you aren't sure, Google the company’s name and click on the valid website.”
16. Turn Off the Notification Settings on Your Phone When You Use Public Transportation
These notifications can expose sensitive information like two-factor authentication codes to people nearby, Glassberg said.
17. Don’t Use Publicly Available Printers
Avoid using the printer at the hotel business center or at an Airbnb house. A printer stores the information it prints, so it is possible for someone else to recover your sensitive information, Glassberg said.
18. Disable Bluetooth on Your Phone, Tablet and Laptop
A criminal could use this to eavesdrop on you or send you malicious files or images, Glassberg said.
“For instance, for a while men were sending nude photos to female passengers on NYC subways via publicly available AirDrop connections,” he said.