When Daniel Carter logged on to a shared computer at a hostel in Rome to check his email, he had no idea he was in a hacker’s sights.
After his trip was over, he discovered someone had hijacked his email account and sent a message to hundreds of his contacts asking for money.
“Sorry i did not get you informed about my short trip to london … i was attacked on my way to the hotel by some hoodlums and they took away all my belongings,” the email said, ending with a plea for money “so i can sort out my hotel bills and fly back home” and a promise of repayment.
Most of Carter’s contacts recognized the scam from the poor grammar and lack of upper-case letters. Unfortunately, one older friend fell for it, sending some $2,000 US to the scammers. Carter eventually regained control of his email account and cleaned up the mess. But the money his friend sent was lost.
“This was a big wake-up call. I thought, ‘Who’s going to hack me, I’m not important or of large means,’” said Carter. But, as he found out, a hacker can make a quick profit off an ordinary traveller.
What happened to Carter is relatively rare. But travellers are especially vulnerable to hackers because they often use computers and Wi-Fi networks in hotel lobbies, cafés and airports.
“If you are using an open Wi-Fi network, you are extremely vulnerable,” says computer security consultant Kevin Mitnick. He should know: Mitnick served five years in prison for computer capers that gained him notoriety and prompted an FBI manhunt.
Here are some steps you can take to protect yourself.
Create a strong password. Carter says his email was easier to hack because he had a weak password. Password advice can be found at microsoft.com/protect/yourself/password/checker
.mspx.
You might also create a dedicated email account for use on the road, with a password that is different from passwords you use for bank and credit card information.
Let your contacts know you’ll be using that account while on vacation. You can stay in touch, but if someone does hack into your account, they only get your vacation pictures.
If using a shared computer, try to cover your tracks. On Apple’s Safari browser, under the Safari menu, toggle “Private Browsing.” On Microsoft’s Explorer, when you log off, go to “Tools” and “Delete Browsing History” to remove traces of your passwords and the websites you’ve visited.
Mitnick says he’d only use a shared computer to check email as a last resort — and then he’d immediately change all his passwords when he gets to a secure computer. But wireless hotspots can be just as dangerous, with the hackers monitoring communication from your laptop or other electronic device.
And a wired hotel network can also be dangerous, since a hacker could be in the room next door and access your computer through the network.
“Sniffing a wireless network is really easy to do — any teen in junior high can do it,” Mitnick says of a strategy that amounts to eavesdropping on computer communications in an open network in, say, a café or airport.
That’s not to say every hotspot is dangerous. But when using your laptop in a public place, you obviously want up-to-date security programs, says Dave Marcus, McAfee’s Director of Security Research and Communication.
You should also disable file-sharing on your laptop, Marcus says. It’s also a good idea to turn off Bluetooth, printer-sharing and disable ad hoc network connections. Each Windows and Mac operating system has a slightly different procedure to do this. Information for your computer can be found at: support.microsoft.com or apple.com/support.
Many experts say you should not send any sensitive data while in a hotspot. That’s because many email services and browser connections essentially broadcast in the clear, meaning someone can eavesdrop on information sent to and from your computer.
If you want to take your computer security a step up, consider a VPN, or Virtual Private Network. “The best way to protect yourself is a VPN,” says Mitnick. “It’s a tunnel, where all your communication is encrypted. A passive attacker can’t intercept.”
But Kelly Davis-Felner of the Wi-Fi Alliance, a group that promotes growth of Wi-Fi networks, says a VPN is probably overkill for travellers who are just checking the latest sports scores or emailing Mom from a café.
“It’s a statistical possibility that you’ll get hacked in a hotspot,” she acknowledged, advising against banking, trading stocks or doing business-related work at an open network without VPN.
But she added: “You are taking a much greater risk handing your credit card to a waiter than sitting in an airport sending email.”
