How to Protect Yourself From Travel Fraud

As we have become increasingly dependent on internet technology, cybercriminals have invaded every area of our lives. And that includes travel.

Every time you book a flight or a hotel, use the internet in an airport or foreign café, or post trip photos on your social media accounts, you could be putting yourself at risk for cybercrime.

Rather than allowing yourself to become a victim of a travel-related cyber scheme, it's important to educate yourself about the threats and take steps to protect yourself.


Protect Your Personal Information

Protecting your personal information is paramount when it comes to safeguarding against travel fraud, particularly identity theft.

Your drivers license and passport are the most crucial documents you'll carry while traveling, so always keep them on your person. Make sure you carry them securely, such as in a money belt you wear underneath your clothing or a zippered inner pocket of your bag. Never leave those documents unattended in hotel rooms, rental cars or public spaces, as opportunistic thieves often target tourists.

Additionally, never check your passport or other important documents with your luggage. In the event that your luggage gets lost or stolen during transit, you'll be left without the essential identification needed for your trip.


WI-FI Eavesdropping

Hackers can steal your personal information via public Wi-Fi eavesdropping if you log into Wi-Fi somewhere like in an airport or hotel. Because Wi-Fi can be very easy to hack, you should not trust any open Wi-Fi network.

If you're on an open network, not only can your internet traffic be intercepted, but hackers can also use that opportunity to install malicious software on your computer so that they can see everything you are doing online at any time and manipulate your computer later.

Protect Yourself While on WI-FI

It is best to avoid Wi-Fi altogether, especially when traveling. Instead, use a personal VPN (virtual private network) connection.

Other options include connecting via the Wi-Fi hotspot on your smartphone or purchasing a network adapter that can be inserted into a laptop. Mobile services run on 4G and 5G networks, which are typically much more secure than Wi-Fi.


Hacking of Travel Booking Sites

It's rare to plan a trip these days without online booking — but the sites that book online travel are increasingly targeted by criminals. Several booking sites and reservation systems have experienced data breaches in the past couple of years. Here are some ways to protect yourself when using them.

Protect Yourself on Booking Sites

With new credit cards equipped with electronic chips and pins, it's become much more difficult for thieves to steal credit card numbers at point-of-sale locations. That's why thieves have shifted tactics and are now focusing on websites.

Any website where you're entering your credit card data can carry risk. When possible, use alternative payment methods, such as PayPal, ApplePay and Zelle, so you are not entering your credit card information directly into a website.

NEW Travel Agent Scams

Booking your travel through a reputable travel agency can often simplify the trip planning process and provide you with added peace of mind. However, scammers have become adept at setting up fraudulent or fly-by-night "travel agencies" that definitely do not have your best interests in mind.

Here are six travel agency red flags to be wary of:

  • Unprofessional Website: Be cautious if a travel agency's website lacks essential information, has links that don't work or doesn't provide proper contact details. Reputable travel agencies invest in user-friendly websites with secure payment gateways, clear terms and conditions, and comprehensive travel packages.
  • Generic Email Addresses: Legitimate travel agencies usually communicate using official email addresses that include the agency's domain name. Beware of generic email addresses like Gmail or Yahoo that scammers may use to appear legitimate. Always double-check the email address and ensure that it matches the agency's official domain.
  • No Affiliations to Global or National Associations: Reputable travel agencies often hold memberships in or affiliations with global or national travel associations. These memberships demonstrate the agency's commitment to professional standards and best practices. If an agency claims to be a member of such organizations, do your due diligence and verify their membership through the association's official website.
  • Personal Bank Accounts: Be cautious if a travel agency asks you to wire money or make payments to a private or personal bank account instead of using a secure payment method. Reputable agencies use trusted payment gateways to process transactions, ensuring that your financial information remains safe.
  • Changing Agents: Scammers may adopt a tactic of frequently changing their agent names or using aliases to avoid suspicion. If you notice inconsistent or ever-changing agent names during your communication with the agency, it's a warning sign to back off or proceed with caution.
  • Incomplete or Vague Documentation: Pay close attention to the documentation provided by the travel agency. A legitimate agency will furnish clear and detailed itineraries, booking confirmations, and receipts. Be wary of agencies that offer vague or incomplete documentation, as this could indicate fraudulent practices.

To protect yourself from falling victim to these travel agency scams, conduct thorough research before engaging with any agency. Look for online reviews, testimonials and ratings from previous customers. Verify the agency's contact information and check to make sure they have a physical office address.

Additionally, never hesitate to ask questions and seek clarification about any aspect of your travel arrangements. Remember that reputable travel agencies prioritize customer satisfaction and go the extra mile to provide exceptional service.


Your Unused Air Miles

If you're a frequent traveler, you likely have digital items of value to criminals, such as frequent flyer miles and other loyalty points and memberships. Some estimates place the value of unused rewards across the most popular airlines at $27.5 billion.

This entices fraudsters who are finding ways take over these reward accounts and sell them at rock bottom prices on the dark web, or use them to buy an array of retail merchandise.

For instance, according to a Toronto news report, one man and woman allegedly stole $23,000 worth of merchandise through the website Air Miles by using stolen points at various retail stores. If you've racked up loyalty points through a favorite airline or hotel chain, those points could be vulnerable.

Here are ways to protect your points and air miles:

  • Keep your boarding pass private, as it may include identification that would make it easier for thieves to access your frequent flyer account. Never post a photo of your boarding pass online, and make sure you securely dispose of any paper pass after a flight.
  • Use a strong password for your frequent flyer account.
  • Set up alerts for fraudulent activity on your account, just as you would for a bank account.
  • Use services such as Experian's dark web scanner to see if your phone number, email or Social Security number are present on the dark web.


Social Engineering

Whether you're at home or traveling, you could become the victim of social engineering, which refers to the use of deception to manipulate you into divulging confidential or personal information to be used for fraudulent purposes.

If you're away from home, it's easy to let your guard down. At home, it's easier to spot something that does not feel quite right, but when traveling, everything's new and different, so you may not be as quick to discern a fraudulent request.

For instance, when someone calls your home and says they're from your bank and need your account number, it's likely to raise a red flag. But when you're in a foreign country and someone offers to help you log in to the hotel's Wi-Fi network, it may seem perfectly natural to provide your name, room number and other identifying information to a "friendly stranger" who may turn out to be a scammer.

Protect Yourself from Social Engineering Frauds

Social engineering fraudsters rely on worming information out of you to successfully pull off their schemes, so the best way to protect yourself is to be careful about what you share.

That means you should avoid broadcasting your travel plans on social media and wait until you get home to post photos from your trip. This way, it will be harder for scammers to track your movements while you're traveling and gain your trust while you're away from home.


Utilizing Credit Cards or Cash

When it comes to making payments while traveling, the choice between utilizing credit cards or cash can significantly impact your security and vulnerability to fraud. However, there are consideration for both while traveling.

Benefits of Using a Credit Card While Traveling

Credit cards offer several advantages over debit cards, especially concerning fraud protection.

In the event of unauthorized transactions or fraudulent charges, credit card users have legal protections under the Fair Credit Billing Act, with your maximum loss usually limited to $50 out of pocket. Some credit card issuers even offer zero-liability policies on their cards.

On the other hand, debit cards are directly linked to your bank account. That makes fraudulent debit transactions riskier and makes it more difficult to recover funds if you're scammed using a debit card instead of a credit card.

It's likely safer to avoid using debit cards for travel expenses to minimize potential losses in case of fraud.

Use Contactless Payments Where Possible

The rise of wireless payments, also known as contactless payments or mobile payments, has introduced a new layer of security that can help combat fraud. These advancements in payment technology utilize technology called "near-field communication" (NFC) or mobile wallet applications like Apple Pay, Google Pay, or Samsung Pay to facilitate secure transactions without the need to physically swipe or insert a card.

Wireless payments use tokenization, a process that replaces card numbers with unique tokens for each transaction, making it challenging for fraudsters to intercept or steal your data. Additionally, many mobile wallet applications require biometric authentication, such as fingerprint or facial recognition, before authorizing a payment, adding an extra layer of security to your transactions.

Benefits of Using Cash While Traveling

While credit cards and wireless payments provide robust security measures, carrying some cash is usually still essential during your travels. Cash can be valuable in situations where credit cards may not be accepted or in regions with limited access to electronic payment options.

However, you'll need to be careful about where you obtain your cash. Exchanging currency at your bank before leaving is an option, but it could make traveling more dangerous as you'll probably be carrying more cash than usual.

If you choose to withdraw cash while traveling, try to keep your transactions limited to the ATMs of reputable banks. Always try to avoid standalone ATMs as they are more prone to being tampered with.

Additionally, consider avoiding money exchange kiosks. While they aren't always a scam, their exchange rates are typically subpar compared to what you'd get at a financial institution's ATM, even after fees are factored in.

When using an ATM abroad, make sure to:

  • Be aware of your surroundings.
  • Use ATMs in busy public spaces.
  • Hide your pin while entering it.
  • Check the card reader for signs of tampering.

If you must use a money exchange kiosk, be wary of those located down quiet side streets or dark alleys. Instead, pick one that's in a busy area such as a hotel lobby, busy mall, airport, or on a main street that has clear signage. While you'll be safer in such places, there's still a risk that an exchange kiosk is a scam, so always exercise extreme caution while dealing with them.

Additionally, avoid carrying large sums of cash when possible. Avoid counting cash publicly and consider using a product like a money belt to keep it out of sight while not using it.

Keep Track of Spending

When you're traveling, it's crucial to keep a close eye on your expenses to ensure hotels and other businesses are not trying to take advantage of you as a traveler. One effective way to do this is by diligently keeping a copy of each receipt you get. Make sure you compare what you're being charged to the agreed-upon prices and immediately question any discrepancies or potential overcharging.

In some cases, businesses may attempt to increase their prices when you show up, especially if you have booked their services through third-party platforms. Shady operators sometimes earn extra revenue by exploiting travelers who may not be fully aware of the standard pricing or the terms of the agreement. Having receipts on hand allows you to verify the actual costs and challenge any suspicious or inflated charges that may appear on your bill.

In addition to keeping receipts, consider using a travel budget planner or a dedicated mobile app to log your expenses. This will help you stay organized and track your spending throughout your trip.


Device Hacking

Most corporations whose employees travel internationally for business have a "clean device policy" in place. That means employees must take a clean, or brand-new, computer, laptop or phone with them on the trip, and the company wipes it clean of all data when they return. These policies are becoming standard for many companies because device hacking has become so prevalent in many international locations.

Protect Your Devices

Consider implementing your own "clean device policy," using a separate smartphone or laptop for international travel that you can wipe clean after each trip. You can do so by following the directions to do a factory reset for your specific device.

In general, you should consult the U.S. State Department's website, which offers extensive travel guidance for every country in the world. This guidance can tell you about known security risks in the country you're going to and what to be on the lookout for during your visit.

The Dangers of Public Charging

In today's connected world, our smartphones and electronic devices have become indispensable travel companions. However while you're on the go, the need to charge your devices might prompt you to seek out public charging stations for convenience.

Before you plug in your phone or tablet, it's essential to be aware of the potential dangers associated with public charging, particularly a newer threat known as “juice jacking."

How Juice Jacking Works

Juice jacking is a cybersecurity threat that has gained attention in recent years. The term refers to a hacking technique in which cybercriminals tamper with public charging stations or use USB cables to install malicious software onto your device when you connect it to a charging outlet.

Plugging into a compromised port could result in:

  • Compromised data.
  • The leaking of sensitive information.
  • The installation of malware.

One of the most common methods used in juice jacking is the installation of malware that can capture your login credentials, credit card information, or other personal data from your device, which can then be used for fraudulent purposes.

Cybercriminals often set up compromised charging stations in locations with high foot traffic, such as airports, hotels, cafes and other public spaces, where unsuspecting users are likely to use them.

To protect yourself from juice jacking and similar threats, consider the following precautions:

  • Bring Your Own Charging Cable: Instead of using public charging cables, carry your own charging cable and use a standard AC power outlet in your hotel or a portable power bank to charge your devices. This way, you eliminate the risk of connecting to unknown and potentially compromised USB ports.
  • USB Data Blockers: Invest in a USB data blocker, also known as a charging port blocker or data isolator. These small devices prevent data transfer while allowing your device to charge normally. They act as a barrier between your device and the public charging station, safeguarding your data from potential attacks.
  • Use a Portable Power Bank: Portable power banks are a safe and convenient way to charge your devices while on the go. These power banks store energy and provide a reliable power source without exposing your device to potential data threats.
  • Disable Data Transfer: Configure your device settings to disable data transfer when connected to a USB port. This added layer of security ensures that even if you accidentally connect to a compromised charging station, your data won't be accessible.

As technology evolves, so do the tactics employed by cybercriminals. To stay a step ahead of potential threats, keep yourself updated on the latest cybersecurity best practices and emerging risks, especially when you're traveling and out of your comfort zone.

This article is for general information and education only. It is provided as a courtesy to the clients and friends of City National Bank (City National). City National does not warrant that it is accurate or complete. Opinions expressed and estimates or projections given are those of the authors or persons quoted as of the date of the article with no obligation to update or notify of inaccuracy or change. This article may not be reproduced, distributed or further published by any person without the written consent of City National. Please cite source when quoting.

App Store is a registered trademark of Apple, Inc. Google Play is a trademark of Google LLC.