How to practice safe Internet on the road


Somewhere along the Kenya-Tanzania border, 8,000 miles and eight time zones from home, I got the news no traveler wants to hear: My email account had been compromised.

The evidence? One of those English-as-a-second-language messages in which I appeared to beg my friends to wire money overseas. It looked like someone had stolen my password.

Perfect timing, I thought, as my computer strained to download the rest of my emails over a faint wireless connection.

I’ve written about this topic several times and use a long list of precautions, so if it can happen to me, it can happen to anyone. Before you take your next vacation, let’s talk about the rules for practicing safe Internet — and where I went wrong.

Kaspersky Lab, a global cyber security company, says one in five travelers have been hit by cyber crime while traveling abroad. In other words, it’s open season on the jet set, particularly those who use open, public wireless networks.

“Never trust open Wi-Fi networks that require no passwords,” says Michael Canavan, a Kaspersky senior vice president.

I reviewed the places where I’d logged into an open network. At the airport in Orlando. In Dubai. At the InterContinental in Nairobi. Impossible to tell where it happened.

What’s wrong with an open network? It may be run by bad guys, according to David Balaban, an expert on ransomware.

“Hackers may set up fake Wi-Fi spots masquerading as a genuine hotel network,” he says. “They create duplicate Wi-Fi networks using the hotel’s branded online materials. They use stronger signals and so lure users to connect to them instead of the genuine hotel network.”


Another common error: hitting the road with obsolete operating systems or software. Emmanuel Schalit, the CEO of the password manager Dashlane, says securing a laptop or cellphone is easy.

“Before you go, make sure your devices are updated with the latest versions of your applications, anti-virus, anti-malware and other software updates,” he says. “To protect your devices while on vacation, secure all of your devices with a lengthy PIN number or strong password, and encrypt any data locally stored on those devices.”

I’d done all of that, too.

Ah, but did I use a Virtual Private Network (VPN), which encrypts your traffic and routes it through a remote server, to access the Internet? I hadn’t, mostly because a VPN can make a slow Internet connection even slower.

“Always use VPN while connected on any public Wi-Fi network,” scolds cyber security expert Sanjay Deo. “This will encrypt your communications and help reduce chances of being hacked.”

In all fairness, once I spotted the apparent hack, I immediately fired up my Buffered.com VPN and used it for the rest of my time in Africa. A slow connection is better than a dangerous one.


Anything else? Yes, says Internet safety expert Darren Guccione. I need to set my smartphone so it self-erases after multiple incorrect log-ins. I need to activate anti-theft applications such as “find my phone” that allow you to lock the phone if it’s stolen. “So if your phone or tablet is stolen, you can track it, disable it and change all the passwords,” he says.

Done, too.

What else? Had I somehow typed my password on a public computer? No. Had I inadvertently revealed my password to a hacker while on a stopover or in a hotel lobby? Also, no. How about responding to a suspicious email that appeared to be from my bank, a classic phishing attempt? Absolutely not.


So what happened? I received about six emails in total from concerned friends, all with the same message: Send money now. That’s only a tiny fraction of the 10,000-plus contacts in my address book.

A closer look at the signature showed the messages didn’t come from me but were spoofed. That means someone manipulated the email signature to make it look like it came from my address. The six people who received the message were all fellow consumer advocates whose email addresses had apparently been harvested from my website.
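
The spoofing described above can be checked from the recipient's side. This added example (not part of the original article) parses a raw message and compares the visible From address with the authentication results recorded by the receiving mail server; the sample messages, domains and flag names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples; every domain here is a placeholder.
SPOOFED = """\
Authentication-Results: mx.recipient.example; dkim=none;
 spf=pass smtp.mailfrom=bulk-sender.example; dmarc=fail
From: "A. Traveler" <me@traveler.example>
Reply-To: <a.traveler@freemail.example>

Please wire money today.
"""
GENUINE = """\
Authentication-Results: mx.recipient.example; dkim=pass;
 spf=pass smtp.mailfrom=traveler.example; dmarc=pass
From: "A. Traveler" <me@traveler.example>

Back next week.
"""

def domain(value):  # lower-cased domain of an address or bare domain
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Topmost Authentication-Results header as {method: (result, props)}."""
    headers = msg.get_all("Authentication-Results") or [""]
    out = {}
    for clause in re.sub(r"\([^)]*\)", "", headers[0]).split(";")[1:]:
        tokens = clause.split()          # clause 0 (skipped) is the server id
        if tokens and "=" in tokens[0]:
            method, result = tokens[0].lower().split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            out[method] = (result, props)
    return out

def spoof_indicators(raw):
    """Reasons to distrust the visible From address (exact-match domains only)."""
    msg = message_from_string(raw)
    sender, res, flags = domain(msg["From"]), auth_results(msg), []
    if res.get("dmarc", ("none", {}))[0] != "pass":
        flags.append("dmarc-not-pass")
    spf_result, spf_props = res.get("spf", ("none", {}))
    if spf_result == "pass" and domain(spf_props.get("smtp.mailfrom")) != sender:
        flags.append("spf-domain-mismatch")
    reply_to = domain(msg["Reply-To"])
    if reply_to and reply_to != sender:
        flags.append("reply-to-differs")
    return flags
```

Only the Authentication-Results header added by your own receiving server is trustworthy, since a sender can insert a forged one lower in the message.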

This was no computer security breach at the hands of a careless traveler. It was a lesson in being discreet about your travel plans. I’d told a lot of people about my plans to visit Kenya, and one of them decided it would be the perfect time to scam my co-workers.

You want to scam a consumer advocate? Good luck with that.

What not to do when you travel

  • Post lots of geo-tagged photos or location updates on social media. They can reveal your current and future travel plans in sufficient detail to give criminals an opening. The latest threat: virtual kidnappings, which are becoming more common in Latin America. When you go camping, into the wilderness or to locations where you may be off the grid, cyber stalkers contact your family, claiming you are their hostage. “They will demand immediately a sum of money, usually affordable and easily wired, and insist that the person stay on the phone, using fear tactics but always aimed at ensuring that their ruse is not discovered,” says Mark Deane, CEO of ETS Risk Management.
  • Browse unsecured. Only use HTTPS — Hypertext Transfer Protocol (http) with Secure Sockets Layer (SSL) — when you’re online, especially when you’re on the road. “It’s a more secure option set up by a website that knows security is essential,” says Robert Siciliano, CEO of IDTheftSecurity.com. Look for https:// in the address bar, signifying it’s a secure page. Even on an open, unsecure wireless connection, HTTPS is more secure.
  • Leave your device unattended. “The biggest danger travelers have is losing their devices,” says Jason Hong, a professor at Carnegie Mellon’s School of Computer Science. “Don’t leave your devices unattended in public places, because they can be quickly and easily stolen.” Pro tip: Put your name on your device, in case someone returns it to lost and found. Hong tapes his business card to the bottom of his laptop.

Christopher Elliott

Christopher Elliott is an author, journalist and consumer advocate. You can read more about him on his personal website or check out his adventures on his family adventure travel site. Contact him at chris@elliott.org.

  • LeeAnneClark

    Once again a very topical article for me, given my upcoming plans.

    I’ve mentioned in other comment threads that my husband and I are retiring next year, moving aboard our sailboat and will set sail to cruise around the Pacific for at least five years. While most of the time we’ll be at anchor or in a marina and will have access to the internet (through various means), there will be many times we’ll be off the grid, especially when we are on passages out in the ocean in between islands. While most passages are only a few days, we will have some that are as long as two to three weeks.

    This means we are going to be RIPE for all of these scams.

    Unfortunately, the option of not publicizing our travels is not going to work for me. I’m a writer, and I plan on having a blog to chronicle our adventures. So if some scammer manages to find my blog, it’s going to be very obvious that we’ll be in some very remote, exotic places, and it will also be clear when we’re going to be at sea for long periods of time.

    I will have to give some serious thought about how to protect ourselves from online scammers, once we commence our adventure. These are all excellent tips, and I’m bookmarking this article to remind myself of some things I should do, once we get to that point.

    One thing I will do for sure is inoculate all of my family and friends to the types of scam emails they might get, so they won’t fall for any pleas for money or claims of kidnapping. We will always be reachable through sat phone, even on the long passages when none of our other communications methods work…so if anyone gets anything suspicious that concerns them, they will be able to get hold of us.

    Thanks for another excellent article!

  • BubbaJoe123

    “Kaspersky Lab, a global cyber security company”

    If you’re looking for a source, why would you choose a company closely connected to Russian intelligence?

    https://www.bloomberg.com/news/articles/2017-07-11/kaspersky-lab-has-been-working-with-russian-intelligence

  • pauletteb

    Bloomberg is a major spammer, not my idea of a legitimate source.

  • Bill___A

    Multi factor authentication, PIN number on your SIM card, encrypt all USB drives and external drives in addition to your devices. The list goes on…

  • BubbaJoe123

    Bloomberg? You mean one of the leading news services in the world? The one for which everyone in finance pays thousands of $ per month? OK, then.

    Here’s CBS news, if you prefer: https://www.cbsnews.com/news/kasperksy-lab-software-suspected-ties-russian-intelligence-rob-joyce/
