Con artists are grabbing personal information through bogus Wi-Fi hotspots and phone calls to hotel rooms. Here’s how to protect yourself.
By Caroline Mayer
Originally Posted On May 19, 2013
Caroline Mayer is a consumer reporter who spent 25 years working for The Washington Post. Follow her on Twitter @consumermayer
You’ve heard the phrase “buyer beware,” of course. Today, I’d like to talk about a corollary, “traveler take heed.”
From pickpockets to unscrupulous travel agents, vacationers have long been easy targets for con artists. These days, though, thieves have become more sophisticated and devious; even the most wary traveler can get snookered.
Two current travel scams have really set off alarms and I want to tell you about them so you can be on guard for your next vacation or business trip:
Travel Scam No. 1:Unexpected phone calls to your hotel room from the front desk or concierge.
Well, that’s where the person on the phone says he’s calling from. But he isn't; it's what's known as an imposter scam.
Typically, these calls come at odd hours, often in the middle of the night when you’re not alert. You might be told that the front desk’s computer has crashed, deleting your credit-card information, or there was an error processing the card number you gave to cover incidentals. The caller will then want to double check the last four digits — but, of course, they’re not correct so you’re asked to repeat all 16 digits and spell your name.
Whatever the ruse, you know what happens next: The scammer uses your credit card for an expensive shopping spree.
Fraud experts say these calls usually aren’t placed by anyone working at the hotel.
“We don’t think this scheme is an inside job,” says Katherine Hutt, director of media relations at the Council of Better Business Bureaus. “We believe the scammers direct-dial the rooms so they can call in without going through the hotel switchboard.”
When you get the call, the con artist doesn’t mention your name because he doesn’t know it. He just says something like: "This is the front desk, I’m really sorry to disturb you … ”
So what should you do to prevent yourself from becoming a victim? Hutt’s advice is simple: Never give out your credit card number over the phone to anyone you don’t know.
If the caller says he’s a hotel employee, say that you’ll clear up the issue in person at the front desk. You could, alternatively, phone the front desk, Hutt says, but make sure you do so by pressing the button on your room phone, not by using the number provided by the caller. “That one could be a fake,” she says.
Travel Scam No. 2: A phony Wi-Fi hot spot.
In this fraud, a scammer hacks into your computer, smartphone or tablet and gets the User ID and password information you’ve just entered on the site of an e-tailer or your financial institution.
Although the problem can occur at your local coffee shop, you’re more likely to be tricked when you’re traveling. That’s because you’ll probably be eager to get online fast and not pay attention to the name of the Wi-Fi hotspot when you’re sitting in an airport terminal or a hotel lobby with just a few minutes to spare.
The scammer concocts a Wi-Fi hot spot name that sounds like one you know or just uses “Free Wi-Fi” as the lure. “Once the consumer’s device is connected, any transmitted data is intercepted and may later be misused to commit identity fraud,” according to the 2013 Identity Fraud Report by Javelin Strategy and Research, a Pleasanton, Calif., research firm.
Javelin says someone with a tablet or smartphone is more likely to become a public Wi-Fi identity theft victim than a computer user.
The reason travelers get snagged, says Adam Levin, chairman of Credit.com and the IdentityTheft911 website, is that "most people are communicating sensitive data in clear view" or using a site that is not encrypted.
When you use an encrypted website — an address beginning with https — the information you send and receive over the Internet is scrambled into a code. A secure wireless network encrypts all information, according to OnGuardOnline.gov, the federal government’s website aimed at keeping consumers safe.
Unlike your home Wi-Fi network, which probably is encrypted, any communication sent over an unsecure public network can be intercepted by a hacker’s inexpensive equipment, perhaps sitting on a neighboring table.
There are many things a hacker can do with your User ID and password from “sniffing” to “spoofing” to “sidejacking,” notes Kent Lawson, president and founder of Private Communications Corp., a company in Sherman, Conn., that protects individual privacy and corporate data security online. For details on these scary-sounding scams, check out Lawson’s article, “Why Public Wi-Fi Hotspots Are Trouble Spots for Users.”
It doesn’t really matter what hackers do with your private information. What does matter is that you start protecting yourself so you don’t fall into this trap when you travel.
Before logging into a public Wi-Fi network, secure your phone, tablet or computer. Update the device’s virus and malware protection and turn off any file-sharing features.
Be 100 percent certain you’ll be using a legitimate Wi-Fi network. Ask an employee at the hotspot’s location for the name of its network. A hot spot is secure if it asks you to provide a WPA (Wi-Fi Protected Access) password, according to OnGuardOnline.gov.
Don’t assume a Wi-Fi network is on the up-and-up just because it says something like “O’Hare Wi-Fi” and you’re at Chicago’s O’Hare airport. “It’s very easy for hackers to create similar sounding names” to legitimate networks, Levin says. (The Wi-Fi provider at O’Hare, incidentally, is Boingo.)
If you’re certain that you’ll be spending time at an airport – maybe your flights include a long layover – it’s wise to search online for the name of the public Wi-Fi networks there before you go. (One good place to start is the Airport Wi-Fi Guide, a comprehensive directory of airport wireless Internet service.)
Disable any automatic connections to Wi-Fi networks. If you don’t, you could find yourself tapped into a bogus wireless network within your range.
Make sure your passwords vary for every website you visit. That way, if a hacker does gain access to your password for one account, he won’t be able to break into other accounts.
If you’ll be using a smartphone or tablet on your next trip, install an app that lets you wipe out its data remotely. This way, you’ll protect your security if the device is lost or stolen.
Tips for Traveling with Credit and Debit Cards
Levin also has valuable advice for travelers who intend to carry credit and debit cards. Before heading off, “weed your wallet," he says. "Don’t take every credit card you own. Bring along just two credit cards and two debit cards.” By doing so, you’ll risk losing less if your wallet or purse is stolen or misplaced.
Levin actually goes one step further. He recommends keeping one card in the hotel safe while you’re out and about. “That way, if you lose one, you’ve got a spare."
While that advice may sound a little drastic, it resonated with me.
Two years ago, my husband lost his wallet on the way to our vacation destination. For some couples who own their credit cards jointly, that could have ruined a vacation. Fortunately, we each have our own cards, so we could cancel his and not worry about how to pay for the rest of the trip, until, of course, we arrived home and faced the final bill.