With travel spending projected to soar this year, it is more important than ever to ensure you have a safe trip. Cybercriminals will be out for a slice of your vacation funds, but with the right precautions, you can drastically reduce their chances of ruining your break.
This year looks set to be a tourism bonanza for many Americans and citizens of other developed countries. Seven in ten respondents in the US, UK, Canada, Japan, and Spain told the World Travel & Tourism Council that they intended to spend more than five times as much on travel in 2022 as they have done in the previous half a decade.
Given the restrictions that multiple lockdowns put on the public over the past two years, that is hardly surprising – but with online scammers having flourished during this difficult period, holidaymakers are being urged to practice cyber hygiene like never before. To help bring the message to the potentially unwary, Cybernews has collated useful security tips from a range of experts.
Keep it private
“Staying safe virtually when you're on vacation surely isn't easy,” says Bill Mann, cybersecurity professional at Restore Privacy. “There are many risks that will present themselves, and can turn a great time abroad into an absolute nightmare. It's OK to let your guard down when you're on vacation, but you can't do that virtually, or else you could lose all of the money in your bank account, access to your email, and a whole lot more.”
Mann’s go-to solution for mitigating this risk is a virtual private network (VPN). “I always recommend that travelers install a good VPN on their phone, tablet, and computer before they travel,” he says. “It scrambles your location and essentially confuses anyone attempting to dig into your accounts and find your personal information. Some people think that being far from the rest of civilization on a beach somewhere will keep them safe, but that's not enough. You really need that extra precaution to be truly secure.”
Other industry professionals agree but point out that VPN technology is not always accessible, depending on which country you are traveling to.
“It’s imperative to understand that VPNs are against the law in some countries – for example, China – and you won’t have much choice other than to use burner equipment,” says James Carder, chief security officer at LogRhythm. “In this instance, you’ll need to be careful of what you communicate, with the assumption that it will be intercepted and read, recorded, or searched.”
And for those who can’t or won’t leave their job behind even when they’re abroad on vacation, a VPN can pose additional problems. “The limits and drawbacks of VPNs are usually around the legal aspect with certain countries and the speed of the network,” says Carder. “VPNs add a layer of overhead that can impact your ability to get work done as quickly as you are used to. If you are using a VPN a great distance away from where your employer HQ or data center is, and it’s a point-to-point connection, the service can be very slow.”
To get around this, Carder recommends that vacationing workaholics use secure access service edge (SASE) tools: “You can hop into a secure network closer to your location and still have the effect of a VPN by having secure communications to the applications and data you need, whether those are in the cloud or on site elsewhere.”
Look before you leap
Of course, simply securing your own device is not the end of the story. Vacationers should be careful what they connect their devices to, physically and digitally, both when they are traveling to and from their holiday destination, and once they have arrived there.
“Verify the name of the public Wi-Fi from the establishment before you connect,” cautions Burton Kelso, chief technology expert at Integral. “Hackers will create fake Wi-Fi access points that look legitimate, so you should always verify the correct name before you connect. Most establishments will have you log into their Wi-Fi network rather than just having an open network.”
Avani Desai, CEO of IT risk management firm Schellman, agrees that Wi-Fi is a danger to devices, even more so when it is accessed from a transitory location such as an airport or train station, where it can provide threat actors with a sweeping attack vector.
“Do not fall prey to the convenience of open or encrypted Wi-Fi while traveling on vacation,” urges Desai. “Open Wi-Fi networks are tricky nowadays because of whom they serve – people passing through. This is the perfect environment for data thieves, a steady stream of fresh targets. Many are often so busy, it takes a long time for any damage to be detected – and by then, they might have been connected in multiple places, making it hard to figure out where a breach occurred.”
Moreover, locations that provide open Wi-Fi access allow all computers connected to that network to effectively see everyone else’s communications. Known as “sniffing”, this technique can be used by criminals to harvest data.
“A sniffer is a way to eavesdrop on conversations originating from your computer,” explains Desai. “The danger is that sniffers are hard to detect. A computer’s wireless card is always receiving traffic. The reason you cannot identify a sniffer is because all computers are technically sniffing – the problem is in the user's intent with the data it receives. A sniffer will process all data, including any between you and the internet. A legitimate user will drop all communication not bound for that computer.”
And when it comes to hoodwinking travelers, threat actors have taken a step into the physical world, too. “One of the more recent avenues that cybercriminals are pursuing involves the installation of fake USB ports for charging devices in airports, train stations, bus terminals, and other transitory areas,” warns Charles Catania, chief communications officer at software firm Modulus. “It looks like your average charging port – but is actually used as a conduit to steal your data.”
To guard against that, Catania recommends that holidaymakers and other travelers charge their devices while in transit using their own portable power banks.
Beware false friends
Just as traditional street scammers are always ready to cheat unwary or gullible tourists out of their money, their cyber cousins will also be happy to have a go. Travelers who might normally think twice when not on holiday might be more readily enticed to click on a suspect link while their guard is down.
“Every year we see an uptick in scam messages around holiday times, and it is super common to see scams targeting travelers and vacationers,” says Tyler Kennedy, who has developed an app to block spam texts.
“Scammers are creative and will target you with messages related to your hotel room or airline flight. Make sure to never click on any links from a sender you do not recognize. These scams can target your credit card or account passwords. Remember, just because you are on vacation doesn’t mean scammers are.”
“Just as you do at home or work, be careful of fake sites and malicious links [when traveling abroad],” adds Jonathan Zacks, co-founder of GoReminders. “Check every website you visit for the HTTPS [at the] beginning [of the URL] – that S means the site is secure and that your data is encrypted.” By contrast, sites beginning with only HTTP should be treated with caution, as they are typically unsecured connections.
One of the greatest risks to travelers nowadays probably comes from social media – it is here that enthusiastic holidaymakers can unwittingly give troves of crucial personal data to threat actors. According to Daniel Foley, SEO specialist at Planday, more than two-thirds of tourists still insist on posting images and status updates while traveling – and for most cybersecurity experts, this is a no-no.
“Potential thieves may keep track of your schedule or whereabouts if you share it on social media, making it simpler for them to time a crime,” adds Planday, a reminder of how poor cyber hygiene can also facilitate old-fashioned physical thefts like burglary. “Instead, wait until you get home before posting about your vacation.”
Adam Wood, Co-Founder of RevenueGeeks, agrees that covering your tracks while on holiday can help avoid a painful end to your vacation – even if you don’t get burgled while away, careless posting can still have unwanted repercussions.
“You don't want to see waterfall tour ads for the next month just because you looked up a waterfall tour while on vacation,” he says, recommending using a private browsing mode to avoid ad trackers. “Set your content blocking to strict if you truly want to remain anonymous,” he adds.
Others are blunter in their views on social media vacation posts. “Do you believe that the photos you share are secure?” asks Max Shak of Abtron. “We can't tell you how many [bad actors] misuse your images, so be careful and think before posting.” Or, as James Wilson, privacy expert and founder of MyDataRemoval, puts it: “Don’t post stupid things on social media.”
… and don’t neglect the basics
Of course, some aspects of cybersecurity boil down to simple common sense. Tourists in any era have always been at risk of physical theft, and if you are unlucky enough to have your tablet or smartphone pinched while abroad, you don’t want them accessing all the valuable data held on it.
“Make sure you have passwords or PIN numbers on all of the tech you carry with you,” says Kelso. “Smartphones, tablets, and laptops are high-theft items – if you're like me, your smart devices are your life, and if your data wound up in the wrong hands, it would be a disaster. When picking a PIN or a password, use a strong one that will have the most skilled cybercriminal scratching their head.”
But for other cybersecurity professionals, mere passwords and PINs are not enough nowadays. “To protect important accounts like email, online banking, and social networking, your usernames and passwords are insufficient,” says Wood. “Prepare for your summer adventure by securing your online accounts and enabling the most advanced mechanisms available, such as biometrics, security keys, and multi-factor authentication.”
On the other hand, Isla Sibanda, ethical hacker and cybersecurity specialist at PrivacyAustralia, says that passwords are fine on holiday – but only if they are specially protected for safe use during travel. “Invest in an application that will safeguard all your passwords with encryption and allow you to access them on any device,” she says.
More from Cybernews:
Subscribe to our newsletter