Memorial Day is just around the corner, and with it the kick-off to the busy summer travel season. But before you head out the door for that family vacation or couple's get-away, it's important to keep digital security top of mind.
Digital security is a growing problem in general for US consumers, but traveling may increase these risks for many people because it forces them out of their 'comfort zones.' What do I mean by this? When people travel, they're compelled into trusting unproven outside networks and services (like in-flight WiFi), they're corralled into locations that are easy for attackers to surveil and target (airports, hotels, 'tourist traps') and they're more likely to be distracted, sleep-deprived, intoxicated, hurried, etc., all of which makes it easier to exploit them.
Then there are the devices. Most travelers bring smartphones, tablets, laptops, e-readers, and other devices with them. They also log into (or never sign out of) dozens of online accounts, mobile apps and games, which can reveal sensitive information about the user if intercepted by a hacker.
It's a perfect mix for attackers, and over the next few years, travelers will increasingly find themselves targeted by criminal groups, who prey on this confusion to defraud large numbers of people at a single go.
Here are five digital risks travelers should guard against:
Infected Point-of-Sale Systems:
Hotel and retailer point-of-sale systems are often insecure, and susceptible to network breaches and malware which can lead to stolen card numbers and other details. Although the credit card industry has been pushing retailers to adopt a new, more secure system known as EMV (aka "smart cards" or "chip-and-pin"), the adoption rate has been slower than expected.
For travelers, it's important to keep in mind that hotels and restaurants often have a below average track record with cybersecurity. According to Verizon's 2015 Data Breach Investigations Report, hotels, restaurants and casinos had the worst rate of point-of-sale breaches of any other sector - with 91% of security incidents directly attributable to point-of-sale compromises. Overall, it was the fourth worst industry for stolen data in general, with a 36% markup over traditional retailers.
Tips for travelers: Use a credit card instead of a debit card for these transactions, as it's easier to dispute fraudulent use. Additionally, consider having a dedicated travel credit card in order to better monitor for fraud.
Man-in-the-Middle:
WiFi is always risky to use. Period. I know it's super convenient, and we all do it, but when traveling, it's important to remember just how vulnerable wireless transmissions really are.
It's not that hard for a hacker to crack into your WiFi connection, even if it's password protected. In fact, there are a number of free or inexpensive online tools people can download that will do it for them, if they don't have a lot of technical skill. They can do this by creating a fake WiFi access point which you mistakenly connect to, spoofing a trusted WiFi access point to your phone, or breaking into the connection between you and the legitimate access point.
If a hacker is able to eavesdrop or inject into your WiFi connection, she can steal your passwords, cookies, and any transmitted data; she could also potentially infect your device with malware.
Tips for travelers: Protect your WiFi connection by using a virtual private network (VPN) when you surf the web. Additionally, go through your devices and sign out of all online accounts, clear histories and erase all stored cookies before you travel. Also consider going one step further by using a unique browser when you travel - for instance, if you're a Chrome user, use Firefox or Opera instead.
Hotel and Car Lock Bypasses:
The keyless electronic door locks to your hotel room or rental car could be hacked.
In recent years, security researchers have discovered serious vulnerabilities in hotel and car keyless electronic door lock systems, which have since been exploited by real-life thieves. Police have investigated a number of hotel room burglaries and car thefts that were enabled by hacking tools specially developed to exploit these flaws.
How often do you leave your electronics in the trunk of the car or in the hotel room? Keep in mind that if the computer or phone you lose has company data on it, or merely has access to the data, you could be responsible for a data breach which the company will have to publicly disclose. This is particularly true for data containing health records or personally identifiable information.
Tips for travelers: Don't leave electronics in your car or your hotel room, if at all possible. If you have to leave it in the hotel room, at the very least use a computer cable lock (Kensington, Tryten, etc.) that will make it harder to steal. Additionally, make sure you've got full-disk encryption on your laptop, tablet and phone, as well as password screen lock and anti-theft technology which will enable remote locking/wiping/tracking/data recovery (examples: LoJack, Prey, Intel, Norton). When sleeping in your hotel room, always use the deadbolt or door guard to secure the door against a lock bypass.
Malicious Staff:
How well do you trust the housekeeper who cleans your room?
Theft and identity fraud rings are regularly found operating out of hotels - and if you're traveling overseas, this risk could be even higher.
Returning to the point mentioned above, if you leave electronics in your hotel room unprotected, you're exposing them not only to theft, but to tampering as well. Any person who has physical access to your electronic devices can easily log into your accounts, steal data, copy the hard drive or install spyware on the device.
Tips for travelers: Again, use a computer cable lock for laptops, or the hotel provided safe for smaller electronics, full-disk encryption, password screen lock and anti-theft technology. However, you should also block access to the device ports - use a USB lock to prevent an unauthorized user from installing software or copying files.
Social Media-Based Scams:
Over-sharing on social media during a trip can expose both you and your loved ones to fraud.
First, if you upload photos, you could be broadcasting your exact physical location to anyone else who sees it. That exposes you to potential burglary and other physical crimes, since criminals know both where you are and where you aren't.
Because "geo-fencing" services are starting to become more widely available, an enterprising criminal could also hunt for targets in nearby areas.
Since social media provides a wealth of detail on people, it's also easy to create a "social engineering" scheme based on this publicly accessible data.
Tips for travelers: Disable the GPS setting for your photos, and be careful about sharing too much specific information (i.e., hotel, daily destinations) on your social network feeds while you're away.