Hackers are trying to steal your vacation. They’re coming after your personal data, your credit card information and your loyalty points.
Worst of all, they might already have them.
Consider what happened to Jill Frankfort, a teacher from Boston who recently lost 150,000 American Airlines frequent-flyer miles. She didn’t find out about the break-in until months after the crime, when she tried to redeem her miles for an international trip. By then, the miles were long gone and the airline couldn’t help her.
“Travelers are often in a hurry, distracted or on autopilot while traversing public places,” says Mark Ruchie, the chief information security officer for Entrust Datacard. “They don’t notice when unusual activity occurs on their accounts – making them easy targets for hackers.”
Not only that, but the methods hackers use to commit their crimes have evolved as well. Advanced technology and tools that used to be exclusive to governments are now available to the bad guys.
Your miles are on the dark net
For Frankfort, the discovery of her missing miles was devastating. She’d worked hard to earn them, going out of her way to give her business to American Airlines.
“There were transactions for tickets that I did not authorize,” she recalls, including business-class tickets from New Delhi to Doha, Qatar. “I think it’s important for people to know that airlines do not insure frequent-flyer miles from fraudulent usage as credit card companies do with fraudulent charges.”
Our executive director, Michelle Couch-Friedman, tried to get the miles back for her, but American said it couldn’t help. The problem was that the transactions had happened six months earlier and Frankort missed the alerts from the airline. In the end, American Airlines restored 25,000 miles as a goodwill gesture.
“The black market for frequent-flyer accounts is consistently growing,” says Justin Lavelle, a director for BeenVerified, an online background check platform. He says at least half a dozen online markets have listings created by criminals who have stolen frequent-flyer miles. They then try to resell the miles. It’s often difficult to detect the crime, since many folks don’t check their accounts that often, and the theft may go undetected for weeks or months.
Experts say you should change your passwords often and consider using a service like AwardWallet (awardwallet.com), which allows you to track all of your loyalty programs. Then again, you could just remove the target from your back entirely. How? Refuse to participate in any loyalty program and make decisions based on price and customer service, instead of how many points you can collect.
Stay off public Wi-Fi
Another way hackers steal your vacation is by stealing your identity when you log on to a public Wi-Fi network at an airport or hotel.
“Cybercriminals can create a rough copy of your online presence to open up accounts in your name, pretend to be you in online transactions or even masquerade as you on social media to your friends, family and colleagues,” says Mike Tanenbaum, head of Chubb Cyber North America.
The result: At a minimum, a lot of your personal data could be compromised, which can take a while to untangle. But at worst, you could lose money.
Tanenbaum recommends using a virtual private network for online transactions, which provides enhanced security while traveling.
“Avoid conducting banking transactions or accessing your personal financial accounts while traveling, and wait until you get home to complete these types of activities,” he says. If you think your identity has been compromised, place an initial fraud alert on your file with one of the three credit bureaus – Experian, Equifax or TransUnion – and change all of your passwords and PINs. Report your identity theft to authorities.
They may already have your personal information
Most unsettling to travelers is the real possibility that their credit card numbers or passwords have already fallen into the wrong hands, because of numerous data breaches.
David Bryan recalls a transaction in a seafood restaurant on a recent visit to Brazil. The business rejected both of his credit cards. Finally, he offered his debit card and typed his PIN, successfully paying for his ceviche.
Two days later, Bryan’s bank notified him of potentially fraudulent activity on his debit card. “I called the bank, and they asked me if I withdrew money from an ATM in Brazil. I told them no, I’m not even in the country anymore,” he says.
Fortunately, the bank canceled his debit card and reversed the charges.
“Thankfully, there were no lasting issues for me. In hindsight, I knew something was amiss at the restaurant, and that must have been where my information was stolen,” he says.
And if it happened to him, it can happen to anyone. Bryan is the global technology lead for IBM’s X-Force Red, which provides security testing to corporate clients.
His advice: Don’t use your debit card at stores or restaurants that may not have the security to protect their point-of-sale systems. If you use an ATM, select one inside a bank branch or inside an airport, where the chance of tampering or skimmers on the ATM is reduced. And stay off any public computers.
Hackers are coming for you when you travel. But they don’t have to get you. Check your loyalty accounts frequently, only use safe Wi-Fi and mind your debit card usage, and you can avoid the worst of it.
More tips for avoiding hackers
- Back up, update and encrypt. “Before you leave, make sure you back up all devices and data,” says Joseph Carson, chief security scientist at Thycotic, a Washington D.C., security services provider. “Double-check that all security updates are applied, and finally, check your security settings to ensure your sensitive data is encrypted.”
- Beware of new mobile apps before you leave. Before you go, you might be tempted to install a museum app, a language translation app or a local news app. But it may also be malicious and compromise your data, according to Chris Bogen, a Tulane University professor in its School of Professional Advancement Cybersecurity Management Program. “The risk here is no different than when you install apps on your phone at other times,” he adds.
- Mind the “evil maid.” That’s the industry term for a physical attack at your hotel. “When you leave your laptop out of your sight in a hotel bedroom, someone – the evil maid – can take advantage of that and either copy your laptop hard drive or infect it with malware for further exfiltration of information,” says Fausto Oliveira, a principal security architect at Acceptto, a Portland, Oregon-based provider of authentication services. The workaround? Encrypt your disk or never let your PC out of your sight.