Wi-Fi hotspots, public charging stations, and travel planning sites seem helpful, but they could actually be a traveler's worst nightmare.
With the holiday season approaching, many people are gearing up to visit family and friends. Travel has become much easier over the years with advancements in technology helping travelers book hotels and experiences, get more information about destinations, communicate with friends, navigate unknown territory, and more.
However, laptops, smartphones, and tablets also open travelers to greater cybersecurity risks, said Clay Miller, CTO of enterprise security company SyncDog.
SEE: Business pro's guide to hassle-free travel (free PDF) (TechRepublic)
"Everyone is pressed for time and always looking for convenience. This natural gravitation toward convenience can sometimes leave security considerations far in the background of our decision making," Miller said. "Unfortunately, there is a host of nefarious players looking for any opening to exploit those who are less than security conscious. Just a simple oversight can lead to severe consequences for an individual who has been compromised."
These risks are always present, but they become even more severe during the holidays, said Tom Kellermann, head cybersecurity strategist of VMware Carbon Black.
"Hackers are always looking for ways to take advantage of people who are distracted and unaware of their surroundings, and holiday travelers fit the profile to a T," Kellermann said.
With more than 55 million Americans planning to travel at least 50 miles for Thanksgiving this year, according to AAA's travel forecast report, many people run the risk of having their devices compromised.
While gifts are common during the holiday season, no one wants to receive a virus or infected device. To help travelers stay protected, here is a list of the biggest tech traveling threats.
Top 5 traveling threat vectors
1. Travel sites
Travel-related cyberattacks can occur even before the trip begins. While vacation planning sites can be useful, the user must ensure the site is credible. Many scammers will pose as these sites, pretending to offer luxury vacations, travel coordination, discounted trips, and timeshare sellers, according to the Federal Trade Commission Travel Scams page.
"Cybercriminals follow the money, and unfortunately, travelers are constant targets because they are actively looking to purchase their perfect trip online," said Kevin Epstein, vice president of threat operations at Proofpoint. "We recommend travelers avoid clicking on strange URLs that do not connect back to an official trusted brand, messages that have obvious spelling or grammar errors, and suspicious emails from friends or colleagues floating a deal when you never discussed it with them.
"Whether the scammer is simply seeking your credit card or more actively luring you into physically unsafe situations, if an online deal looks too good to be true in a social media post or in an email message, it probably is," Epstein said.
Another best practice for booking tickets or hotel rooms online is to use a credit card instead of a debit card. "Credit cards offer the best liability protection against potential fraud in case you fall victim to a cyber predator," Kellermann said.
2. Social media and out-of-office messages
Going on a vacation is exciting, but users should avoid sharing that excitement on social media. Posting on social media about vacations is an open invitation for cybercriminals. The same goes for setting up out-of-office messages, Epstein said.
"Would you post a sign on your front door announcing your residence was vacant? Out-of-office messages can effectively do that, when they're not set to reply to only your office," Epstein said. "If your social network or auto-responder shouts your absence to the world, you're giving thieves carte blanche to visit."
Posting details about a trip on social media can also give cybercriminals ammo for attacks. "Be careful what you post on social media before returning home. Attackers can use those details to add veracity to calls to unwitting relatives and friends, claiming you've been mugged and need bail or money wired to pay fines," Epstein said.
3. Public charging stations
Public charging stations at airports or other public places are extremely convenient, but are also a convenient way for a device's data to be compromised, Miller said.
"Connecting a mobile device via USB to a piece of hardware in an airport, library, or coffee shop means that you are connecting your device to hardware that is outside of your control," Miller said. "It may be perfectly fine, but there is a risk of data transfer being initiated or something even more nefarious like rooting the device."
Plugging a device directly into the wall is fine; the risk comes when the device is plugged into a separate unit, Miller said.
An easy way to avoid these risks is with a personal portable charger for your smartphone.
4. Public Wi-Fi hotspots
Nearly all public places offer Wi-Fi, which can be extremely helpful for those needing to access the internet while traveling. However, many of these public Wi-Fi networks are not secure, allowing hackers to easily observe a user's activity.
Airport Wi-Fi networks are notoriously risky to join, and "while 'free' Wi-Fi is tempting, it's an easy hotspot for hackers to view what you're browsing and steal personal information," Kellermann said. "Particularly savvy threat actors will go as far as to set up honeypot Wi-Fi networks, mimicking official airport of coffee shops network names and collecting the information of anyone unfortunate enough to fall for the ruse and connect."
"Assume that you're being observed and every bit of Wi-Finetwork data is monitored; only use a VPN or your cellular connection for transactions involving sensitive information," Epstein said.
Other avoiding public Wi-Fi or using a VPN, users should avoid banking activities or payment transactions until interacting on a private network, said John Bennett, general manager of LastPass.
5. Stolen device
The chaos of travel can make it easy for people to leave things behind or leave devices unlocked. A stolen, lost, or unlocked device is a quick way for private information to get into the wrong hands.
"It seems simple, but simply leaving your phone unlocked and unattended can lead to someone compromising your information," Miller said. "Given enough time, they may root your device, install keyloggers or other malware, or simply copy your private information for later use. An unlocked phone is vulnerable to anyone with physical access to it, and especially vulnerable is stolen."
Users should make sure devices have the most up-to-date software and security standards before traveling, Kellerman said.
"For an extra step of security, when you return home and are on a secure network, update all passwords to keep your accounts secure," Bennett said.
For more, check out Top 5: Ways to keep your data safe while traveling on TechRepublic.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- Windows 10 security: A guide for business leaders (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)