Summer is winding down. If they’re not already back in school, your kids or grandkids will be soon. But there might still be time to sneak in that end of summer vacation.
If you decide to hit the beach, explore Europe, or just take a road trip across the country, the last thing you want is to worry about your digital security. Unfortunately, that’s exactly what you need to do.
Hackers targeting hotel guests
Researchers with FireEye recently discovered that a hacking group with Russian ties is targeting travelers who stay in hotels. It started by targeting hotel guests in Europe beginning in July. However, the attacks are thought to be spreading across the globe.
What’s happening is, the espionage group dubbed APT28 is stealing passwords and login credentials of travelers using hotel Wi-Fi networks. Many of the targeted victims are business travelers. Once their credentials are stolen, the hackers also infect their companies’ networks back home.
The scam begins with cybercriminals sending spear phishing emails to hotel employees. The email contains a fraudulent hotel reservation document. If it’s clicked on, malware infects the hotel’s Wi-Fi network.
The malware gives the scammers control over the hotel’s guest Wi-Fi networks. This could allow them to steal credentials of anyone who uses it and any unencrypted data that is sent over the network.
The hackers are using leaked malicious software created by the U.S. government known as EternalBlue. This software was also used as part of the WannaCry ransomware attack in May that spread over 150 countries globally.
These types of attacks seem to be popping up more and more. That’s why you need to know how to stay protected while traveling.
How to stay protected while traveling
If you must use public Wi-Fi, you need to follow these tips to protect yourself:
1. Ask for the network name – Just because a public Wi-Fi network pops up and asks if you want to join, doesn’t mean it’s legitimate. Scammers will sometimes create networks called “Coffee Shop” or “Hotel Guest” to make you believe you’re connecting to the real thing when, actually, you’re not.
2. Be skeptical of links – Scammers are skilled at making links seem enticing so you’ll fall for their trick, but there are some signs that should make you think twice before you click. First, if a site makes an outrageous claim or sounds too good to be true, it’s probably not legitimate. Second, if you’re prompted to download something, you probably should avoid it.
Tip: To see what’s hiding behind a hyperlink, see what shows up in the bottom left-hand corner of your screen when you hover your mouse over it.
3. Avoid certain websites – Unless you’re planning to do some general web surfing, it’s probably best to avoid public Wi-Fi altogether. When using public Wi-Fi, always assume that somebody out there is watching. Never log on to your banking site when connected to public Wi-Fi.
Tip: If it requires a username and password to log in, you should only access that site from your own private network.
4. Stay encrypted – When you do connect to public networks, encrypted data is essential to your online security. However, you can’t always trust that the network is encrypting that data for you. Visiting SSL sites, or websites that begin with the letters H-T-T-P-S means that the data exchanged is being encrypted. But you still may want to take additional precautions. Click here to learn an easy way to ensure every website you visit is secure.
5. Use VPNs – You might not realize that it’s easy to create your own private network. VPNs, or Virtual Private Networks, can be created wherever you go if you have the right software. There are several apps that create VPNs, as well as online security software. Click here to learn about the best available VPN services.