“Never share private information on a public computer” is a standard, longtime Internet safety rule.. Ideally, any password-protected activity, from checking your email to monitoring your online banking accounts, should only ever be done from your own personal device (outfitted with all proper security software, of course).
If you need another reminder of why you should follow this rule, the latest post from security blogger Brian Krebs provides one: “Beware keyloggers at hotel business centers.”
As the name suggests, keylogging software is a form of malware that literally logs your keyboard activity – in other words, keeps track of every button you type, so if you check your email, use a credit card, manage your bank account or anything else on a computer outfitted with keylogging software, whoever installed it now has a record of your passwords, credit card numbers and everything else you typed.
And apparently, there's a big problem with thieves secretly installing keylogging software on hotel computers, big enough that the U.S. Secret Service is, according to Krebs, “advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.”
Secret Service advisory
The Secret Service issued a non-public notice about it on July 10, including tips for various ways hotels can try to keep their public computers safe.
Unfortunately, as Krebs pointed out, an ordinary hotel guest has no way of knowing which hotel computers are safe, and which are not, which is why public computers should never be used for anything more than casual web browsing. If you need to do more than that, here's what Krebs advises:
If you’re on the road and need to print something from your email account, create a free, throwaway email address at yopmail.com or 10minutemail.com and use your mobile device to forward the email or file to that throwaway address, and then access the throwaway address from the public computer.