En español | Whether you’re in the airport, at a hotel, on a bus or in the air, cybersecurity experts say, travelers should be as careful about their digital security as they are about their personal security.
“Be aware of your digital surroundings just as you’re aware of your physical surroundings,” says Charles Henderson, global managing partner and head of X-Force Red at IBM. He leads a team that helps corporations document digital vulnerabilities — ways that hackers can break into data.
For example, if your cellphone has lost its charge, before you rush to plug it into a free USB port at the airport or use the Wi-Fi in any public place, think carefully about the potential risks.
Through malware installed on the port all the data on your phone can be stolen, and with it your identity.
In addition, keep track of your boarding passes and baggage claim tickets and the airline tags attached to your luggage. These pose risks as well. Personal identifying information is attached to these items.
Cybercriminals are waiting to collect any information they can obtain from you, and are targeting airline and hotel loyalty programs to obtain miles and points to sell on the black market, cybersecurity experts say.
Devices that can scan the barcode on the boarding pass or baggage claim check could give cyber thieves information about your past travel patterns. The boarding pass, for example, includes your name, flight number and airline, and your travel dates and destinations. This information could help a cybercriminal find you on Facebook or by other electronic means. Then, by impersonating an airline employee, a cybercriminal could use this information to ask you for your airline rewards number and password.
“Your boarding pass has enough information [on it for cyberthieves] to get your loyalty program number,” Henderson says. Of your boarding pass after a flight, he says, “Don’t throw it on the ground. Criminals are starting to target these” as a way to obtain the miles and points of travelers who have lots of them. The thieves “trade in the points for an airline ticket and sell the ticket on the black market,” Henderson says.
According to the 2019 IBM X-Force Threat Intelligence Index, the transportation industry is the second most attacked industry, up from 10th place in 2017. The finance and insurance sector has been the most attacked three years in a row.
In the past 18 months, 566 million records from the travel and transportation industry have been leaked or compromised in publicly reported breaches.
There are a variety of ways this is done, ranging from setting up a “rogue” Wi-Fi network that resembles a legitimate one to installing malware on a public USB port in an airport.
It’s up to travelers to be careful while moving from place to place. “You kind of forget where you are,” says David Cowen, managing director, US Cybersecurity Services at KPMG. “You kind of forget someone could be watching.”
In protecting yourself digitally, think of it this way: “Would you leave your Social Security card out or leave money on the seat next to you?” Cowen asks. Here is how to protect yourself digitally while traveling:
- Avoid accessing any personal or financial information while using Wi-Fi in an airport. “If it can wait, don’t do it in the airport,” Cowen says. “Someone can be looking at your screen behind you.” Wait until you are in a private place — at home — to pay that bill online or check your balance in any online account. “Wi-Fi in the airport is much more dangerous than using a USB port in the airport,” Cowen says. Use a charged battery pack, or an electrical outlet to charge your phone or other devices.
- Use a mobile security gadget if you plug into airport USB ports. Consider using a gadget that can be purchased for $10–$13, designed to protect your data from theft, Henderson says. Among those sold are Juice Jack Defender and SyncStop, experts say.
- Use a virtual private network (VPN) from a company you trust. “It takes all of the information you’re sending off to the internet and encrypts it,” Cowen says.
- Set up a personal hotspot on your phone. Check to be sure your mobile provider provides a plan, and that you have added it, if necessary, to your mobile plan. All the data will be encrypted, Cowen says. Encrypting data means making it undecipherable when it is moving from one place to another on the internet.
“Everybody has data that’s important to or can be used by a criminal,” says Drew Paik, business development director for Authentic8, an internet software company in Mountain View, California. “People let their defenses down when they are traveling, whether for leisure or work. When you’re traveling, you’re not in control of your environment. In an airport or hotel you don’t know what people are doing. They can take over the Wi-Fi.”