The summer travel season is just around the corner and an estimated 60% of Americans planning at least one trip between now and September, guess who’s coming along for the ride? Yep, hackers.
With nearly 200,000,000 tourists to feast on, cybercriminals are already setting up ways to snare travelers’ sensitive information.
Hank Schless, a cybersecurity expert with Lookout, told ConsumerAffairs that hackers will be trying to take advantage of travelers who have their guard down and are worrying about other things in unfamiliar environments, like airports and cafes.
Although many airports are offering free Wi-Fi connectivity, Schless says travelers should think twice before connecting to the first network they can find. He said attackers have been known to set up fake networks -- with obvious but convincing names like "Starbucks_Guest_WiFi."
“Once you connect, they'll gain access to sensitive information, including your login credentials, emails, and messages,” he cautioned. “In order to protect yourself from wifi threats, alter your device’s settings so that it does not automatically connect to nearby networks,” a suggestion he made, adding that his company’s app performs that scan automatically.
Don't accept USB cords from strangers
Another trick of the trade that hackers have developed is exploiting USB chargers by loading malware onto them. This allows them to infect a person’s device the moment they plug it in.
“Always be aware of your surroundings,” Schless said. “If someone approaches you and offers their USB charging cord, it is best to decline. The easiest place for a scammer to steal or hack your phone is in crowded areas – so never leave your phone or device unattended and only let people you know ‘borrow’ your devices.”
Schless suggests that travelers pack their own personal USB cords and plug chargers directly into an electrical socket – not a USB port – if possible.
Beware of smishing messages while traveling
Another scam that Schless says travelers need to watch out for is smishing, which is a type of social engineering scam that exploits text (or SMS) messages.
“It’s important to be on guard for travel-related email, text, and social media scams as well. Attackers may try to steal a traveler’s credentials through phishing campaigns that pretend to be an airline, credit card company, or TSA,” Schless told us.
It’s true that the TSA does send renewal reminder texts and emails, but Schless says travelers should always go directly to the TSA website for information on their existing accounts.
Until there are no more smishers left on the planet, Jason Hong, a researcher in Carnegie Mellon’s CyLab Security & Privacy Institute and Associate Professor in the Human-Computer Interaction Institute, told ConsumerAffairs that the public has to take extra precautions when a text message – like one from the TSA or an airline – says something is urgent.
“Don't fully trust any info in a message. Names, phone numbers, and links can all be easily faked," Hong said. “If the message says it's from your bank and they need you to call a number they sent, don't trust that! Look up the phone number using a search engine or on the back of your credit or debit card.”
He added that one sure way the public can protect themselves is to only click on links if they were expecting a message from that service or person. If it’s an unsolicited message, use extreme caution and don't click on any links until you verify who the sender is.