Now that it's June, many consumers are making plans for that big summer getaway. But few realize that the risk of identity theft goes up when traveling -- in fact, just booking your next trip online, especially during peak travel periods, can also put you at risk.
According to Javelin Strategy & Research, 12.6 million people were victims of identity theft last year -- that's a daily average of over 34,500 people. The most obvious risk for travelers is losing a laptop or smartphone -- but there are many other lesser-known risks too.
Here are four key risks travelers need to watch out for:
Stop Your Phone from Auto Connects -- Smartphones remember every WiFi network they've ever connected to -- and if you're phone has the WiFi function enabled, it is constantly searching for those networks (even when it's already connected). Criminals can set up WiFi beacons that will trick your phone into thinking it's found one of its 'trusted' WiFi networks. The phone connects to the unprotected network, and the attacker can see everything you do, steal your passwords and access the data on your phone. To protect yourself, disable this setting by turning on "Ask to join networks" on iPhones/iPads.
Beware of Card Readers -- Credit card readers are now frequently hacked, so be careful when using one of these at a store or gas station. ATMs can also be vulnerable, so try to avoid these at convenience stores and shopping malls -- to be safe, only use an ATM that is inside a bank.
Limit Your Risk of 'Bump Attacks' -- Most credit/debit cards today come with near field communication (NFC) -- a new technology that lets you wave the card instead of swiping it in a card reader to make a payment. NFC is also being added to many new phones, especially Androids. The problem, however, is that NFC can be hacked with a simple bump or tap of your card or phone (called a 'bump attack'). To limit your risk, only bring the cards you need for your trip and consider using a signal-blocking card holder. Disable NFC on your phone before traveling.
- Dangerous WiFi -- Believe it or not, there's really no such thing as 'safe' or 'protected' WiFi. Open public WiFi networks are notorious for exposing people's personal information to anyone who can download a simple man-in-the-middle or sniffing tool. But even 'secure' WiFi networks that require passwords can still be hacked -- exposing the data on your laptop or phone. A good rule of thumb when traveling is to limit your exposure to WiFi altogether. Consider using your phone as a hotspot or purchasing a mobile hotspot that works over a cellular network. If you must use WiFi, it's a good idea to use a virtual private network (VPN).
Identity theft can also happen before you even leave the house. Because of website flaws and new hack attacks, you can become a victim just by booking your next trip online. Her are four risks you need to watch out for:
Emailed Password -- Email accounts are often broken into, so don't trust them to store your passwords. Make sure to permanently delete any email with your password in it. Setup 2-factor authentication, offered by some email providers like Gmail, to reduce the chance of being hacked. Also consider using a strong password manager like 1Password to protect your accounts. Lastly, don't use your Internet browser's "save password" feature, because it doesn't necessarily have the same security controls and may leave you exposed.
Saving Your Credit Card Information -- Be wary of storing your credit card info on a website when you go to make a purchase. Reputable sites that have been around for years likely have strong controls around storing your credit card data, but smaller sites don't go through the same scrutiny. If possible, try to use a trusted payment provider such as PayPal or pay directly from your bank.
Unsafe Search Results -- Be careful about trusting lesser-known websites that may pop up in a Google or Bing search result. This is especially true if it's a trending topic -- like "travel deals for Florida" over the summer. Hackers often try to position infected websites at the top of the search results page. Your computer can get infected just by visiting one of these sites. Google and others have gotten better at removing these dangerous websites from the search results, but some still get through -- especially when it's a trendy topic.
- Don't Trust "Secured by Company XYZ" Logos -- Just because a website has the "lock" symbol in the address bar, or an httpS address, or a security logo from Norton, McAfee, or Trustwave, that doesn't mean it's safe. These logos often mean the website is following certain security practices, but doesn't necessarily mean they're doing everything they need to keep your data safe. It's generally safer to stick to well-known and reputable travel sites to book your itinerary-- think Expedia, Travelocity -- instead of smaller, lesser known sites that may pop up in Google Adwords. That's not to say that the major websites are completely safe -- many can still be vulnerable to hacking (like cross-site scripting, SQL injection), but with more popularity and experience on the web, they are likely to pay more attention to security.