Add Cybersecurity to Your Vacation Checklist, Part 2

Summer is here, and with it comes endless travel deals and offers – everything from discounts on hotels to limited-time offers on air travel. They pop up on television, your smartphone, your favorite streaming platform – just about every media source you use. It can be tempting to jump on a good deal as soon as you see it. However, while you are looking for the best price, cybercriminals are looking to take advantage of travelers. Before you book, read last year’s newsletter, which offered a foundation on staying cybersafe when planning your vacation. Then review the up-to-date tips below for booking and traveling safely this summer!

Physical Security

• When using devices while traveling, be wary of “shoulder surfing,” where people near you peer over your shoulder to spy on your screen and gain information about you, including your login credentials.
• Use your own charging cable, complete with wall plug, whenever possible. However, if you must use another charging cable, like in a hotel or airport, use a data blocker. The cable plugs in to the data blocker, which looks like a USB thumb drive, allowing only power to be sent to your device. No data can be transmitted when using the blocker.
• Install a privacy screen protector on your devices. These protectors are easy to use and keep prying eyes from seeing your screens.

Use caution with QR Codes

• QR code phishing scams (known as “quishing”) use malicious code to redirect users to phishing sites in order to steal credentials or install malware. Never scan a QR code sent to you in an email unless you’re confident that you know the sender.
• Verify the source before scanning any QR code. If you did not expect a code to be sent, or it is from an unsolicited or untrusted source, do not scan it.
• Be wary of QR codes in public places; street signs, restaurant menus, parking kiosks and storefront windows are all places that scammers can place malicious QR codes.
• Check that the website the QR code links to is legitimate. Look for ‘https’ at the start of the URL or a padlock symbol in the browser address field.
• If you must scan a QR code, use your device’s camera as it is typically safer than using a third-party app.

Secure Payments

• When booking travel, be sure to use secure, trusted payment methods. When booking online, be sure the site you are booking on has a secure payment page.
• Use well-known payment platforms, credit card companies and other secure payment methods and gateways that you are familiar with. Avoid using a debit card or wire transfers when booking travel as these methods offer fewer protections than credit cards.
• A legitimate booking platform will never ask you to pay in cryptocurrency – that is a sure sign you are being scammed!

Be on the Lookout for Fake Travel Websites and Reviews

• Scammers can create fake websites that look similar to legitimate travel booking sites. They pay to have these sites appear at the top of search engine results when users search for travel companies.
• Double check the travel website’s URL. Fake sites often have small errors like slight misspellings or unusual domain names (e.g., “.co” instead of “.com”). When in doubt, manually type the URL in the address bar.
• Customer reviews and testimonials can be helpful, but these can also be faked by AI tools. When you see a review that is helpful, click the user’s profile to view their other reviews.
• Offers that seem too good to be true often are! If you see a flight that is hundreds of dollars cheaper than other similar flights you have been viewing, it is likely a scam.
• Before doing business with or entering any personal information into a company’s website, do a quick internet search to see if any scams are related to the company.

Turn On Account Alerts

• Nearly every financial institution lets you enable alerts on an account for any transactions made. You can receive these as a text message, email or a pop-up alert from the company’s mobile app. Enable all three methods if possible for maximum security.
• Even if you do not receive alerts, you should check your transaction history as often as possible while traveling. Remember to never log into sensitive accounts on a public Wi-Fi network.

Digital Wallet Safety

• Using a digital wallet on your device can be a convenient secure place to store your important documents like boarding passes, tickets and even credit cards.
• Enable a hard-to-guess personal identification number (PIN) and/or biometric authentication to access your digital wallet securely.
• Keep your digital wallet app up to date in order to protect against known vulnerabilities.
• Avoid storing overly sensitive information in a digital wallet, such as a passport number or your government-issued identification.
• Set up remote wipe features within the app in the event your device is lost or stolen. Your sensitive information can then be erased, preventing it from ending up in the wrong hands.

Enable Device Finding Features

• Physically securing your device is just as important as digitally securing it. Even if all precautions are taken, including never leaving your device unattended in a public place, accidents do happen. Using device locating apps that come installed on your device can help you in the event your smartphone is misplaced.
• Enable and familiarize yourself with these features before leaving for your trip. to ensure they are working as intended.

Post-Trip Accounts Review

• Once you are home and settled, even before you unpack, check your accounts.
• Review bank and credit card statements to ensure there are no bogus charges or bookings.
• Consider changing passwords on accounts as another preventative measure.
• Contact your financial institution and authorities immediately if you suspect any fraudulent activity.

Vacations are important for mental and physical well-being, but remaining vigilant of your online activity before, during and after traveling is just as important. The convenience offered when booking a trip online is also what enables cybercriminals to perpetrate scams. By following these tips, you can protect yourself, your personal information and your identity from fraud. Now go enjoy your trip!

Cyber Habit of the Month

Task scams typically target victims with an ad promising quick money simply by completing tasks in an app or online platform. The way you are “paid” is from a commission on each click you complete. These scams utilize an elaborate tally of your alleged earnings on their app, which is completely fabricated and fake. Once they have your interest, they will eventually ask you to deposit your own money to their app in order to access your earnings. Some of these task scams involve multiple parties communicating with you via email, texts and convincing websites.

To avoid these scams, ignore generic and unsolicited texts or online messages about jobs. Legitimate employers will never contact you this way. You should never ever pay your own money to receive earnings form a job or to secure a position in a purported company. Finally, a company paying a user to rate or like things online is illegal, so ignore any “job” that asks you to perform this task.

Additional Resources

• National Cybersecurity Alliance: Best Vacation and Travel Cybersecurity Tips
• FCC: Cybersecurity Tips for International Travelers
• CISA: Cybersecurity While Traveling Tip Sheet
• Consumer Reports: What You Need to Know About Cyber Safety While Traveling
• FTC: Task scams create the illusion of making money