The hustle and bustle of the holiday season finds most of us rushing around, short on time and patience, finalizing travel plans, and buying last-minute gifts. It’s the first holiday travel season for many since COVID-19 officially made its worldwide debut at the end of 2019.
Industry experts are predicting record-breaking numbers of international travelers over the next few months, mainly due to lifted travel restrictions across the globe and the strong position of the US dollar. What’s more, after months of supply chain shortages, holiday shopping is also predicted to make a solid comeback in the fourth quarter of 2022.
While most travelers are thinking about long-awaited family reunions and gingerbread cookies, the October Consumer Cyber Safety Pulse Report by Norton Labs showed that e-commerce scams have more than doubled since 2019. “And we expect even more this holiday season,” said Kevin Roundy, Researcher and Technical Director at Norton Labs.
“The holiday season can be a vulnerable time for travelers. During busy travel periods, we often see more delays and cancellations at airports – which leaves consumers stuck at airports for hours and turning to their devices and public Wi-Fi to pass the time,” said Roundly.
Holiday hackers know this and are waiting in the wings, ready to pounce. These cyber con artists are hitting consumers with an endless barrage of online eavesdropping, phishing scams, and fake websites – many of them travel-related – designed to catch you off guard and allow hackers access to your personal and financial data.
So, how can the travel consumer stay protected from these grinch-like cybercriminals? Cybernews has the answers.
Picture this scene:
You’ve made your list, checked it twice. You’re headed to the airport, looking forward to celebrating with family and friends. You pass through security and feel like you can finally relax for the first time in weeks.
While you wait for the flight to board, you settle into a seat, pull out your mobile phone, and log onto the airport’s free Wi-Fi. You notice you are low on battery. There is a free charging station nearby, so you plug directly into their USB hookup cord.
Next, you check your bank account balance and decide to buy one last gift for your great-aunt in Timbuktu. You search Google and find an online store guaranteeing Christmas Eve delivery, making the purchase with a credit card. You also check your email and see a message from your airline offering a free upgrade for your return flight in exchange for some frequent flyer miles. You click the link and take the offer.
Finally, you post an airport selfie on social media, captioning your destination. You hear your flight being called to board. As you get up, the paper version of your boarding pass falls to the ground. Distracted, you leave it behind.
No worries, you flash a digital QR code to the flight attendant and walk right through the gate, not realizing you’ve been hacked seven different ways, and it’s not even New Year’s yet.
Don’t think this could happen to you? The 2022 Oh Behave! Annual Cybersecurity Attitudes and Behaviors report shows, even after training, over 35% of tech users still fall victim to phishing attacks, and close to 25% will fall victim to identity theft.
The report, conducted by the National Cybersecurity Alliance (NCA) in September, “highlights how effective these scams really are,” said Lisa Plaggemier, Executive Director of the NCA.
Over the past five years, hackers have increased the number of airline-related scams intended to steal private information. Threat actors trick unsuspecting customers into giving up account numbers and credit card information through fake e-mails (phishing) or phone calls (vishing) luring consumers through frequent flyer loyalty programs, flight booking, refunds, and rescheduling.
Unpacking the scenario above, here are some of the best practices for 2022 to follow during this holiday season, according to experts.
Vulnerability #1 Logging into free public Wi-Fi
“It’s important to be cautious with how you use public Wi-Fi – such as the free Wi-Fi at the airport. Much of the data you transmit or receive over the network is unprotected, and anyone else on the network could spy on your information or even interrupt,” Roundy said. Hackers have even been using drones to land at airports to take advantage of public Wi-Fi vulnerabilities.
Roundy cautions that travelers could wind up directly connecting to what looks like airport Wi-Fi but, instead, is a fake hotspot broadcast by an attacker using a very similar website name – easy to miss when you’re a weary traveler. Roundy suggests asking an airline employee the exact Wi-Fi address before attempting to log on.
Other tips from U.S. intelligence agencies encourage travelers to purposely try to log in using a fake password. If it works, you know the site is fake or compromised. Once you are logged into a network, make sure to disable your Wi-Fi auto connect.
If you must use airport Wi-Fi, “travelers should use a virtual private network (VPN) or their own phone as a personal hotspot to surf more securely,” said Plaggemier. VPNs use end-to-end encryption to prevent a hacker from reading your data in transit.
Vulnerability #2 Public charging stations
No matter how tempting, never plug your phone into a charging cord or USB that is not yours. Attackers use public kiosks to siphon off personal information or upload malware directly onto your advice, such as spyware and even ransomware. Borrowing a “dirty USB” from a nearby passenger could easily compromise your device. Always bring your own portable charger.
Vulnerability #3 Phishing attacks and fake websites
“Phishing attacks are extremely common and get more sophisticated each year.” said Roudly. “In 2022, these fake sites that mimic legitimate sites, often very well, with engaging domain names and polished pages.”
Never open or click on links in suspicious emails. Even if you think it is legitimate, instead log into your account directly by typing in the web address on your browser to be sure.
“Travelers should also be on the lookout for flight-related phishing scams that grab the viewer's attention, said Plaggemier, “such as those that offer up faulty information about their upcoming flight or simply requires more attention from the ticket holder.”
Flyers should know the signs of a phishing email, such as addresses with spelling mistakes or strange characters, Plaggemier noted.
Vulnerability #4 Online shopping, financial accounts
Online shoppers should only shop from reputable retailers and double-check reviews to make sure they are legit. Consumers using a questionable site may receive a low-quality counterfeit product or nothing at all.
“Avoid any sites that require a password and sites on which you store or send credit card information,” Roundly said. Never input personal info or credit card information on sites using public Wi-Fi.
That includes shopping online as well as logging into your email or bank accounts.
Vulnerability #5 Posting on social media
Don’t overshare personal information on social media. This can give hackers access to a treasure trove of personal information they can then use to break into your accounts, guess passwords, and specifically target you or people close to you in a scam.
Norton also recommends to always minimize your location sharing when traveling. This prevents your device from being tracked on social media. Not only will it keep your home secure while away, but it will also help you protect your belongings at your travel destination.
Vulnerability #6 Boarding pass security
Similar to #5, giving away too much personal information on social media is a no-no: one should never post a picture of their actual boarding pass. And do not throw it out until you get home, preferably with a shredder.
According to the National Cybersecurity Alliance website, boarding passes, depending on the airline, can contain a lot of private information in the barcode, such as your full name, destination, a flight record number, and your frequent flier number, which in some cases is used as your account login.
Vulnerability #7 Lost devices
“Passengers should make sure their devices are password protected, and that they’ve opted into multi-factor authentication (2FA) measures for an added layer of security. Facial and fingerprint scans with frequent incorporation of passcode requirements increases the likelihood that their device is secure in the event it’s lost or stolen,” said Plaggemier.
Encrypting your devices and backing up your data will also help protect you in case of loss or theft. The NCA also reminds travelers to set up the “find my phone” feature on their devices.
If you’ve made it this far, one last vulnerability worth mentioning is shoulder surfing. This is when hackers physically spy on your device’s screen while you’re using it without you knowing. Pay attention to who is around you, even when you’re in your seat on the flight. Cyber intelligence agencies recommend using a privacy screen on your devices to restrict visibility.
Finally, before you head to the airport, double check that your anti-virus software is up to date. Make sure your passwords are following best practices in strength and length, and that you have enabled 2FA on all your accounts. It is also suggested to change them when you return from your trip just to be safe.
Cybernews hopes these online safety tips will put you one step ahead of hackers, not just this holiday season, but throughout 2023. Cheers!
More from Cybernews:
Subscribe to our newsletter