By Doros Hadjizenonos, Regional Director Southern Africa, Fortinet

The lifting of Covid-19 restrictions has seen travel volumes soaring again, as tourists set out on long-awaited holidays and businesspeople revisit regions and clients they could not access during lockdowns. With this increase in mobility has come an increase in opportunities for cyber criminals.

Fortinet warned recently that malicious actors are stepping up their focus on eager travelers, with a number of travel-related attacks taking place. FortiGuard Labs discovered malwares like AsyncRAT and Netwire RAT that take control of the compromised machine and perform malicious activities such as data exfiltration and reconnaissance. They use disguised files such as ‘Itinerary.pdf’, ‘Flight_Travel_Intinery_Details.jsor’ or ‘Booking details.exe’. All that is needed is for the victim to click and manually run the executable file to get infected.

Cyber criminals also take advantage of lapses in judgement and a lack of caution when travelers are on the road, passing through airports and using public Wi-Fi.

To stay cyber safe while travelling, leisure and business travelers need to practice good ‘cyber hygiene’ to keep their digital devices, applications and identity safe.

Secure your endpoints

Phones, laptops and even wearable technology such as smart watches, tablets are endpoints that can be exploited to give attackers access to your personal data, or even your company’s networks. It is important to ensure that all endpoints are protected and patched. Updates are important to prevent cybercriminals from taking advantage of bugs in applications. For example, when you view the App Store or Google Play Store and update the apps on your smartphone, you’ll see release notes on why the vendor is recommending you update their app. In most cases, it's about security features and a bug that has been fixed. If you don't update these apps, threat actors who are aware of these issues can take advantage of these vulnerabilities.

Don’t let fellow travelers use your devices or connect USB sticks. You never know what kind of software is stored on a USB stick. And consider investing in a privacy screen if you’ll be using your laptop for work in a public place. Data in laptops should always be encrypted in case of theft or loss, which can happen very easily when people travel. And even if you think you have everything under control, you should always have an incident and response plan so you know what is going to happen if a laptop gets stolen.

Watch your passwords

Weak passwords and reused passwords make it exceptionally easy for cybercriminals to access your sensitive accounts and company accounts. Avoid using the same password across multiple accounts, and use two-factor authentication or a password manager as an added layer of security.

Beware the Wi-Fi

If possible, don't connect to public Wi-Fi, particularly when many people are using the network. If the network has poor security, other users may be able to scan your system. Turn off automatic connections for Wi-Fi and Bluetooth on your phone. Connecting using a mobile Wi-Fi router or a SIM from the country you are travelling in is a safer option when on the road.

Be cautious with social media

While social media may be the holiday maker’s best friend, it is not ideal to use social media to log on to sensitive accounts while travelling. If you log in with one of your social media accounts, typically you allow the people running the platform to get access to sensitive information.  

Social engineering remains the most prevalent and most successful tactics for gaining access to user accounts so the more information you expose, the easier you make it for attackers.

QR codes

QR codes are in use by many brands to offer easy access to information, discounts or benefits. But be extra cautious about the QR codes you scan while travelling -there are potential risks involved in opening unknown websites on your device.

Understand phishing

Phishing is a successful attack method even in structured environments: when you’re in a rush, in a crowded place or on the road, it can be even easier to let your guard down. Be extra cautious about downloading attachments or clicking on suspicious links when travelling.

To improve cyber security awareness, Fortinet’s free NSE training, NSE 1 – Information Security Awareness, includes a module designed to help end users identify and protect themselves from phishing attacks.