As many of us start to think about international travel again, NEBRC Comms Chair Elizabeth Murray, Security Awareness specialist in the Financial Services Sector, reflects on cyber security implications when travelling.
“Airports are interesting places: lots of people coming and going, many sending messages or browsing the internet while they wait to board their flights. But it’s also a place where cyber criminals see the opportunity of the captive audience to spoof public Wi-Fi, steal log-in credentials, or credit card details, and hack into systems. Indeed, a friend of mine works for one of the airlines and unwittingly became a victim of this very crime.
“My friend is pretty active on Facebook, often posting pictures of where they’re working that day. Prior to lockdown, every time they checked in at a particular large international airport terminal, within 5 minutes of the post a request for money would arrive through FB messenger. Typically, a message that was addressed to you personally and after your name said ‘Mate, I’ve made a mistake and have no money. Please can you help me? You can send it to this link’.
“When I received the message, it was obvious to me that my friend had had their account hacked. But not everyone that received the request for money would realise that hacking had taken place. So, how had that happened and why each time at this particular place?
“On arrival, my friend had logged onto what they believed to be a Public Wi-Fi, entering all of their login credentials (username and password) each time, before then logging into Facebook, again with all of their log in credentials for the App. Except it wasn’t a legitimate public Wi-Fi. Instead, it was a cybercriminal operating a Wi-Fi Pineapple, and spoofing the set-up associated with the real public Wi-Fi.
“As my friend is staff, the Wi-Fi may even have been named ‘Airport Staff Wi-Fi’ or similar. Once login credentials were inputted, the cybercriminal had access to my friend’s entire contact list and was able to send named Messenger messages to each of them.
“If that can happen to my friend at an airport, it can happen to anyone.”
NEBRC guidance to help secure your information when travelling:
Only connect to Wi-Fi networks you know and trust.
Consider using your mobile devices 4G connection to create a personal hotspot, giving you a secure connection to the web, as an alternative to using public Wi-Fi.
If you must use public Wi-Fi, then use a virtual private network (VPN). VPNs are a secure way of surfing the web as you need to connect to the VPN server before proceeding onto the web. The VPN server encrypts your data before sending it to its destination.
Never carry out sensitive transactions over public Wi-Fi. This includes internet banking and shopping.
If you’re logging onto a brand name’s Wi-Fi – for example in a café - check with the staff for the correctly named Wi-Fi. Then use a VPN as above.
Prevent devices from auto-joining public networks and remove public networks from auto -join lists when you’ve finished using them.
Be mindful about all devices – including children’s tablets that may be tethered to your own.
If there’s any doubt, think twice about connecting.
Stay aware! Be vigilant! Make sure it’s a happy holiday, not a hacked holiday.
For further information on cyber security for you and your business contact the NEBRC.