Here’s how to stop hackers from stealing your vacation

Photo of author

By Christopher Elliott

Hackers are trying to steal your vacation. They’re coming after your personal data, your credit card information and your loyalty points.

Worst of all, they might already have them.

Consider what happened to Jill Frankfort, a teacher from Boston who recently lost 150,000 American Airlines frequent-flyer miles. She didn’t find out about the break-in until months after the crime, when she tried to redeem her miles for an international trip, but the miles were long gone, and the airline couldn’t help her.

“Travelers are often in a hurry, distracted or on autopilot while traversing public places,” says Mark Ruchie, the chief information security officer for Entrust Datacard. “They don’t notice when unusual activity occurs on their accounts – making them easy targets for hackers.”

Not only that, but the methods hackers use to commit their crimes have evolved as well. Advanced technology and tools that used to be exclusive to governments are now available to the bad guys.

And since this story first published, their techniques have become more sophisticated. Data breaches are now more common than ever. Passwords are routinely stolen with incredibly sophisticated phishing strategies. No question about it; they’re out to get you.

Your miles are on the dark net

For Frankfort, the discovery of her missing miles was devastating. She’d worked hard to earn them, going out of her way to give her business to American Airlines.

“There were transactions for tickets that I did not authorize,” she recalls, including business-class tickets from New Delhi to Doha, Qatar. “I think it’s important for people to know that airlines do not insure frequent-flyer miles from fraudulent usage as credit card companies do with fraudulent charges.”

Generali Global Assistance has been a leading provider of travel insurance and other assistance services for more than 25 years. We offer a full suite of innovative, vertically integrated travel insurance and emergency services. Generali Global Assistance is part of The Europ Assistance (EA) Group, who pioneered the travel assistance industry in 1963 and continues to be the leader in providing real-time assistance anywhere in the world, delivering on our motto – You Live, We Care.

“The black market for frequent-flyer accounts is consistently growing,” says Justin Lavelle, a director for BeenVerified. He says at least half a dozen online markets have listings created by criminals who have stolen frequent-flyer miles. They then try to resell the miles. It’s often difficult to detect the crime, since many folks don’t check their accounts that often, and the theft may go undetected for weeks or months.

Experts advise frequent password changes, use AwardWallet to track loyalty programs efficiently. Then again, you could just remove the target from your back entirely. How? Opt out of loyalty programs, and decide on your travel planes based on price and service, not points collection.

To avoid hackers you need to stay off public Wi-Fi networks

Hackers can steal your vacation by stealing your identity when you log on to a public Wi-Fi network. ID theft is running rampant, as I’ve noted in a previous story.

“Cybercriminals can create a rough copy of your online presence to open up accounts in your name, pretend to be you in online transactions or even masquerade as you on social media to your friends, family and colleagues,” says Mike Tanenbaum, head of Chubb Cyber North America.

The result: At a minimum, a lot of your personal data could be compromised, which can take a while to untangle. But at worst, you could lose money.

Tanenbaum recommends using a virtual private network for online transactions, which provides enhanced security while traveling.

“Avoid conducting banking transactions or accessing your personal financial accounts while traveling, and wait until you get home to complete these types of activities,” he says. If you think your identity has been compromised, place an initial fraud alert on your file with one of the three credit bureaus – Experian, Equifax or TransUnion – and change all of your passwords and PINs. Report your identity theft to authorities.

The hackers may already have your personal information

Most unsettling to travelers is the real possibility that their credit card numbers or passwords have already fallen into the wrong hands because of numerous data breaches.

David Bryan recalls a transaction in a seafood restaurant on a recent visit to Brazil. The business rejected both of his credit cards. Finally, he offered his debit card and typed his PIN, successfully paying for his ceviche.

Two days later, Bryan’s bank notified him of potentially fraudulent activity on his debit card. “I called the bank, and they asked me if I withdrew money from an ATM in Brazil. I told them no, I’m not even in the country anymore,” he says. (Here’s our guide to travel health and safety.)

Fortunately, the bank canceled his debit card and reversed the charges.

“Thankfully, there were no lasting issues for me. In hindsight, I knew something was amiss at the restaurant, and that must have been where my information was stolen,” he says.

And if it happened to him, it can happen to anyone. Bryan is the global technology lead for IBM’s X-Force Red, which provides security testing to corporate clients.

His advice: Don’t use your debit card at stores or restaurants that may not have the security to protect their point-of-sale systems. If you use an ATM, select one inside a bank branch or inside an airport, where the chance of tampering or skimmers on the ATM is reduced. And stay off any public computers.

Hackers are coming for you when you travel. But they don’t have to get you. Check your loyalty accounts frequently, only use safe Wi-Fi and mind your debit card usage, and you can avoid the worst of it.

More tips for avoiding hackers

  • Back up, update and encrypt. “Before you leave, make sure you back up all devices and data,” says Joseph Carson, chief security scientist at Thycotic, a Washington D.C., security services provider. “Double-check that all security updates are applied, and finally, check your security settings to ensure your sensitive data is encrypted.”
  • Beware of new mobile apps before you leave. Before you go, you might be tempted to install a museum app, a language translation app or a local news app. But it may also be malicious and compromise your data, according to Chris Bogen, a Tulane University professor in its School of Professional Advancement Cybersecurity Management Program. “The risk here is no different than when you install apps on your phone at other times,” he adds.
  • Mind the “evil maid.” That’s the industry term for a physical attack at your hotel. “When you leave your laptop out of your sight in a hotel bedroom, someone – the evil maid – can take advantage of that and either copy your laptop hard drive or infect it with malware for further exfiltration of information,” says Fausto Oliveira, a principal security architect at Acceptto, a Portland, Oregon-based provider of authentication services. The workaround? Encrypt your disk or never let your PC out of your sight.

Photo of author

Christopher Elliott

Christopher Elliott is the founder of Elliott Advocacy, a 501(c)(3) nonprofit organization that empowers consumers to solve their problems and helps those who can't. He's the author of numerous books on consumer advocacy and writes three nationally syndicated columns. He also publishes the Elliott Report, a news site for consumers, and Elliott Confidential, a critically acclaimed newsletter about customer service. If you have a consumer problem you can't solve, contact him directly through his advocacy website. You can also follow him on X, Facebook, and LinkedIn, or sign up for his daily newsletter.

Related Posts