The Top Travel Fraud Threats and How to Protect Yourself

As we have become increasingly dependent on internet technology, cybercriminals have invaded every area of our lives. And that includes travel.

Cybercrime losses in the travel industry could top $25 billion by 2020, according to a study by eNett International.

Every time you book a flight or a hotel, use the internet in an airport or foreign café, or post trip photos on your social media accounts, you could be at risk for cybercrime.

Rather than allowing your losses to contribute to the billions that could be lost in travel-related cyber schemes this year, it's important to be aware of the threats and take steps to protect yourself.


WI-FI Eavesdropping

Through public Wi-Fi eavesdropping, hackers can steal your personal information. Because Wi-Fi is very easy to hack, “any open Wi-Fi network should be considered untrustworthy," said Karl Mattson, chief information security officer at City National Bank. “If you're on an open network, your internet traffic could be intercepted, but hackers can also use that opportunity to install malicious software on your computer so that they can see everything you do at any time and manipulate your computer later."

Protect Yourself While on WI-FI

Avoid Wi-Fi altogether, especially when traveling, Mattson recommended. Instead, use a personal VPN (virtual private network) connection, which can be purchased for about $10.

Other options include using the Wi-Fi hotspot available on your smartphone or purchasing a 4G card that can be inserted into a laptop.

"4G and 5G cell networks are much more secure than Wi-Fi," Mattson said.


Hacking of Booking Sites

.It's rare to plan a trip these days without online booking — but the sites that book online travel are increasingly targeted by criminals. Several booking sites and reservation systems have experienced data breaches in the past couple of years.

Protect Yourself on Booking Sites

With new chip and pin cards, it's become much more difficult for thieves to steal credit card numbers at point-of-sale locations — and that's why thieves are now focusing on websites, Mattson explained.

"Any website where you're entering card data is risky," Mattson said. He recommended using alternative payment methods, such as PayPal, ApplePay and Zelle, to avoid entering your credit card information online. These methods are less susceptible to fraud, Mattson said.


Your Unused Air Miles

If you're a frequent traveler, you likely have digital items of value to criminals, such as frequent flyer miles and other loyalty points and memberships. ThreatMetrix estimates there are more than $50 million in travel industry loyalty points lying dormant in accounts, ripe for takeover by fraudsters who sell them at rock bottom prices on the dark web, or use them to buy an array of retail merchandise.

For instance, according to a Toronto news report, one man and woman allegedly stole $23,000 worth of merchandise through the website Air Miles by using stolen points at various retail stores. If you've racked up loyalty points through a favorite airline or hotel chain, those points could be vulnerable.

Protecting Your Passwords

Keep your boarding pass private, as it may include identification that would make it easier for thieves to access your frequent flyer account. Never post a boarding pass photo online, and securely dispose of your pass after a flight.

Also, use a strong password for your frequent flyer account and set up alerts for fraudulent activity on your account, just as you would for a bank account. You can also use Experian's dark web scanner to see if your phone number, email or Social Security number are present on the dark web.


Social Engineering

Whether you're at home or traveling, you could become the victim of social engineering, which refers to a thief's use of deception to manipulate you into divulging confidential or personal information to be used for fraudulent purposes. If you're away from home, it's easy to let your guard down: At home, it's easier to realize when something's not quite right, but when traveling, everything's new and different, so you may not be as quick to discern a fraudulent request.

For instance, when someone calls your home and says they're from your bank and need your account number, it's likely to arouse a red flag. But when you're in a foreign country and someone offers to help you log in to the hotel's Wi-Fi network, it may seem perfectly natural to provide your name, room number and other identifying information.

Protect yourself from social engineering frauds

Social engineering fraudsters rely on worming information out of you to successfully perform their schemes, so the best way to protect yourself is to be careful about what you share, Mattson said.

That means you should avoid broadcasting your travel plans and wait until you get home to post photos from your trip on social media. Also, always use credit cards rather than debit cards when traveling overseas to avoid fraud liability, Mattson said.

If your credit card is stolen, you are never liable for the fraudulent charges. However, if your debit card is stolen, it's possible that you are liable for a portion of the charges. Your debit card is also linked to your bank account, so you'll be out of the cash that was stolen until the issue is resolved.


Device Hacking

Most corporations whose employees travel internationally for business have a "clean device policy" in place, Mattson said. That means employees must take a clean, or brand-new, computer, laptop or phone with them on the trip, and the company will wipe it clean of all data again upon their return. These policies are in place because device hacking is so prevalent in many international locations.

"It depends on which countries you're going to, but Russia, China and some countries in the Middle East are sources of cybersecurity threats, and if you've been there, it's safe to assume there's been an attempt to hack into your communications," Mattson said.

Protect Your Devices

Consider your own "clean device policy," using a separate smartphone or laptop for international travel that you can wipe clean after each trip. You can do so by following the directions for a factory reset for your specific device.

Also, before traveling, consult the U.S. State Department's website, which offers extensive travel guidance for every country in the world. "This guidance can tell you about any security risks in the country you're going to and what to be on the lookout for," Mattson said.


This article is for general information and education only. It is provided as a courtesy to the clients and friends of City National Bank (City National). City National does not warrant that it is accurate or complete. Opinions expressed and estimates or projections given are those of the authors or persons quoted as of the date of the article with no obligation to update or notify of inaccuracy or change. This article may not be reproduced, distributed or further published by any person without the written consent of City National. Please cite source when quoting.