Malwarebytes Labs - Friday, July 21, 2017 at 11:00 AM
7 tips to stay cyber safe this summer
You’ve probably already seen the back-to-school ads on TV and rolled your eyes
a little bit. We’re with you: There’s still plenty of summer left. That’s why
we want to remind you about some of the cybersecurity pitfalls you might
encounter during the remainder of the summer season.
Whether you’re home with the kids or heading out on vacation, here are some
ways you can tighten up your security profile and avoid spending the rest of
the summer reclaiming your identity or filing credit card insurance claims.
1. Monitor your children’s Internet habits during summer break.
Without homework and extracurricular activities for young students, summer days
and nights are often spent lounging around on a tablet, cell phone, or laptop,
browsing the Internet for funny cat videos or swapping faces on social media
platforms. Parents may already enforce safe surfing habits during the school
year, but with a more lax schedule may come a more lax attitude.
Be sure to set limits for Internet usage, whether that’s hours spent, sites
visited, or apps and video games allowed. It’s also important to discuss online
predatory behaviors, from cyberbullying to sexual exploitation (with an
age-appropriate audience). Don’t just send your kids off to a room to Internet
with abandon. Give them the skills (or possibly the parental controls) to
navigate the online world safely.
2. Beware of fraudulent hotel booking sites.
Planning a trip to cap off an incredible summer? Make sure you’re using
reputable booking sites for travel. A 2015 study by the American Hotel &
Lodging
Association<http://www.businessinsider.com/avoiding-fraudulent-hotel-booking-sites-2016-5>
found that about 15 million hotel bookings are impacted by rogue travel scams
each year. Fraudulent websites or call centers often pretend to have an
affiliation with certain hotels, when in fact they have none. This can result
in being charged for hidden fees, losing rewards points, incorrect
accommodations, fake reservations, and more.
The safest way to avoid being scammed is to book directly through a hotel’s
website. Use third-party sites as resources to see available options. If you do
want to consider a third-party site, call up the hotel directly to inquire if
they are, in fact, affiliated. In addition, be wary of sites that urge you to
book one of the last remaining rooms or don’t allow you to see a breakdown of
fees.
3. Research hotels’ security policies before you book.
According to cybersecurity expert Matt Suiche, hotels are being targeted more
frequently<http://www.npr.org/2017/07/12/536884321/trump-hotels-are-again-the-target-of-hackers-seeking-credit-card-data>
by criminals. Guest credit cards are kept on file for room charges and
opportunities for additional spending at spas, restaurants, bars, and shops on
premise make these properties attractive targets. In April 2017,
InterContinental said that 1,200 of its franchise
hotels<http://www.businessinsider.com/hilton-hotels-cyber-attack-2017-4> in the
United States, including the Holiday Inn and Crowne Plaza, were victims of a
three-month cyberattack aimed at stealing customer payment card data. Also this
year, 14 Trump hotels were
targeted<https://arstechnica.com/security/2017/07/trump-hotels-targeted-again-in-credit-card-data-heist/>
by hackers raiding personal data such as credit card numbers, expiration
dates, and security codes, as well as some phone numbers and addresses of hotel
customers.
When booking your hotel, you can ask about privacy and security policies in
place for protecting customer data. Does the hotel have cybersecurity software?
Is data stored in a secure computer/network? Who has access to it? Their policy
should cover this information and more.
4. Watch out for public wifi in airports and hotels.
Yes, free wifi is a wonderful thing. How else would you stream Netflix in your
hotel room instead of watching the room service menu options on your TV?
However, free wifi is also public, which means that any person in the hotel or
airport can access that account with (or without) a simple password. Wifi that
isn’t password-protected is especially vulnerable. Add thousands of people
accessing it daily and you’ve got a recipe for data breach.
So what to do? Use up your mobile data? That’s one (expensive) way to deal with
it. What we recommend, for the layperson, is to avoid sites where you need to
login, sites with sensitive info (banking, healthcare, etc.), and especially
stay away from making purchases over an unsecured connection. If you absolutely
need to access sensitive info on this summer trip—perhaps it’s for business
rather than pleasure—you’ll want to look into using a virtual private network,
or
VPN<http://lifehacker.com/5576927/how-to-stay-safe-on-public-wi-fi-networks>.
In fact, if you are traveling for business and staying at a luxury hotel, you
might be vulnerable to a spear-phishing campaign called
DarkHotel<https://en.wikipedia.org/wiki/DarkHotel> if you use the in-house wifi
network. Better get that VPN cracking.
5. Don’t announce to the world that you’ll be away from your house on vacation.
The lead-up to the vacation is almost as good as the vacation itself, no? It’s
hard not to get swept up in the excitement and jump on Facebook to tell all
your friends about your upcoming trip. Problem is, unless you are ruthlessly
private about what you share (and social media platforms are constantly
updating their policies, making it easier for people to find your information
that you didn’t intend to), people who aren’t your friends will see that
announcement, too. And really, how well do you know that girl you passed in the
hallway in high school 30 years ago?
Discussing your travel plans (specifically the dates you’ll be gone) opens you
up to a physical security issue. Criminals are known to watch social media in
order to target homes they know will be vacant for robbery. So best to wait
until you get back until you start posting those trip photos.
6. Look closely at ATM scanners and gas pumps.
Heading to a concert and need to gas up? Hitting up an ice cream truck at the
beach and forgot your cash? Be extra careful when stopping at gas pumps or
ATMs, especially those unaffiliated with a bank. ATMs and gas pumps are targets
for
cybercriminals<http://www.cbs46.com/clip/13471890/woman-discovers-skimmer-attached-to-atm-card-reader>,
who might attach skimmers in order to pilfer bank account or credit card data
(and eventually drain those accounts).
Before you swipe your card, give the card reader a good tug. If there’s a
skimmer attached, it’ll likely pop right off the top. In addition, take a look
around the ATM or gas pump for small cameras (smaller than your typical
surveillance camera). They’d be pointing down at the keypad in order to capture
your zip code or pin number.
7. Avoid credit card fraud.
Easier said than done, we know. This one is extra tricky when traveling abroad.
Pick-pocketers steal wallets or credit cards might be accidentally left behind
and lo and behold: someone’s charging $2,537.45 worth of train tickets. While
many card companies can track fraud and refund you the charges, the hassle of
reporting and waiting, especially when overseas, is probably the last thing you
want to deal with while sunning yourself in Phuket.
A few ground rules for traveling with credit cards: don’t take them all. Select
one or two with high credit limits and low foreign transaction fees. Make
copies of the credit cards you’re bringing with you so you can see the numbers
and customer service phone number. Leave one copy with a friend and bring
another with you. (Just don’t store it in the same place as your credit cards.)
And finally, make sure you alert your credit card company of your travel plans
so they don’t freeze your account.
Summer is a time to kick back and enjoy. So don’t spend it on the phone with
your bank and the IRS. Take these precautions and you can be sure to end this
easy-breezy season on a light and carefree note.
https://blog.malwarebytes.com/101/2017/07/7-tips-to-stay-cyber-safe-this-summer/
David Goldfield
Assistive Technology Specialist
Feel free to visit my Web site
WWW.DavidGoldfield.info<http://WWW.DavidGoldfield.info>