How to: Safely Use The Internet When You TravelBy Angelica Malin
On a recent trip to Ireland I stayed in a lovely hotel, and got talking to an equally lovely couple about the hotel’s wifi connection which was rather slow. Out of politeness, I asked if they were trying to stream movies or use social media.
They replied that they’d been trying to load and manage their online banking for their trip, as they’d run out of funds a little earlier than expected.
After I gave an internal scream of horror, I bought them both a drink and showed them how to set up a VPN to keep themselves safe. Now, I’m showing you.
If you’re already familiar with things like the ‘Dark Hotel’ group, this guide might be too basic for you. But people get caught out by these scams every year, so it’s important to be prepared.
Hotels, especially, go out of their way to make us feel safe and secure – a home away from home. Digital swipe pass locks; full security; cameras on every corridor. The one area where they continue to fall down? Online protection.
Here’s just a couple of the scams used to get your personal data when you’re on holiday.
This one is so simple that it’s almost rude. Hackers simply set up a normal wifi router near a hotel, and give their network the same name as the hotel. When someone joins that network, they think they’re on the hotel wifi. But they’re really on a network controlled by hackers. The scope for getting financial information – bank account, Paypal login – as well as personal info that can be used for spearphishing attacks against family and friends means this is a lucrative scam. And for the minimal effort, they can afford to wait.
Most people use the same password for multiple accounts. To steal their data, hackers don’t even need to give them internet access. They just take whichever password a user logged onto the network with, and jam it into the user’s email login. Bingo: that hacker has access to the user’s inbox.
Hotels generally use your email address for authentication. It’s what’s called a captive network. So it’s no surprise to see an email from them during your stay, telling you when the pool shuts or when the karaoke starts.
Inside that email, hackers add an attachment – a schedule of events, a timetable or something like that. It’s a self-extracting archive containing malicious code. Holidaymakers think they’re downloading a normal document. But they’re actually giving criminals a backdoor into their whole operating system.
Hotel employee accounts
Even if you’re taking precautions, all it takes is one employee at the hotel getting their work account accessed through a phishing email to compromise everyone who connects to that network. In three months, in 2016, more than 1,200 InterContinental hotels suffered hacks, to the extent that it’s now reported that in Singapore, more people are afraid of going on public Wi-Fi than into public toilets.
What’s the use of me telling you these horror stories if I don’t tell you how to keep yourself safe? Fear not. Here’s a rundown of how to keep yourself safe on your holidays.
1: Ringfence your finances
Do not log onto online banking across wifi. Pay out on your cellular plan and use a personal hotspot. It’s worth the extra money to be sure you’re secure.
2: Ringfence your identity
Don’t use your normal email address or password. Before you go away, create a free throwaway email address that has only one purpose — to be used as your identity for logins. Make sure this email address has a completely different password to any other account you have. That way if hackers get it — they get nothing.
3: Download nothing
Don’t download attachments from the hotel. Most mail browsers have a preview mode for attachments which does not trigger scripts hidden in the attachment. Much more secure.
4: Treat all wifi as compromised
Don’t trust the wifi. As I said at the start of this post, there was a simple way to ensure internet security for that lovely old couple — and that was to encrypt the hell out of their data. The best, fastest and most secure way of doing this is with a VPN (Virtual Private Network). There are paid and free VPNs which are very easy to set up and you can find a provider who’s right for you from www.vpnadviser.com. If you’ve just forked out for health insurance, travel insurance, and personal insurance – trust me, you can afford to spend a few bucks extra for this ‘online insurance.’
Enjoy your time away, please, but always remember: the moment when you let yourself pretend cybercrime can’t get you on your holiday, is the moment when it will.