CYBERSAFE HOLIDAYS

The holiday season is approaching fast, and most people look forward to this time of the year. They are preparing for some form of holiday or breakaway for a few weeks. Be assured, the cybercriminals are also looking forward to this period and are preparing their attack plans to scam us out of our money! They know that during this festive period, people are more relaxed and often less careful than they would normally be. This is a very lucrative time for them; therefore, everyone must be alert to their attack methods so that you do not become a victim. In this article, we review some of the usual and established attack methods to be aware of and ways to thwart such attacks if and when they confront us. We divide the discussion into different categories with which the holidaymaker can be confronted.

Booking Accommodation

Many people will desperately seek the ideal holiday accommodation and use different methods to find the right place. Social networks and the Internet are usually high on the list to find the right place. A person will advertise on a social network, specifying all the required criteria. Very often, they will get a reply with an offer at the right place, time, and price. There is often some urgency from the ‘owner’ as other people may be looking at the same establishment.

In many cases, this is a scam as the place does not exist or has already been rented to other people. Be very careful before paying any deposit or even the full amount. Numerous examples exist where, on arrival, the address does not exist, the actual owner does not know about any booking or several families arrive simultaneously. It is always best to book via a reputable agency or facility with a history of reviews from previous clients. Do not fall into this trap!

Paying Online

This is one of the areas where customers, in general, lose a lot of money. Direct fund transfers are acceptable, but only if you are 100% sure you are paying the right person. Do your homework first. If paying by credit card, be very careful. Your card info can be intercepted and directed to an unauthorised account. Ensure that you have a secure connection with the website offered for payment. There are different ways to check that – therefore, understand the risk of data interception and protect yourself. Be cautious if the CVV digits (the three or four Card Verification Value numbers on the back of the card) are asked in an online transaction. If anybody has your name, credit card number, expiry date and this CVV number, they can perform any online transaction, and you will pay. Protect your CVV number! 

You may book on a fake website, which will just take your money. If possible, check the authenticity of the website offered for payment. Some banks offer a ‘virtual credit card’ which can be used for online transactions. Such a card is linked to your actual credit card account but has a different number and CVV number. By setting the limits of such a card for every online transaction you perform, you protect yourself against fraud. If anyone intercepts the virtual card and wants to re-use it later, the transaction will fail because you changed the limits after your transaction to zero.

Free Wi-Fi

Be very careful using free Wi-Fi in hotels, airports, coffee shops, etc. Never use such networks for sensitive transactions where passwords and login information are needed. Such networks are notorious for being hacked - with the ‘bad guys’ waiting for some naïve user to log onto their bank using such a network.

Unsolicited Phone Calls

Such calls are a common attack method. You receive a phone call from your bank’s fraud department with a very helpful person advising you that they have noticed some unauthorised or strange actions on your bank account. You must provide some information, and they will immediately stop such strange actions and secure your account. Such calls are sure to increase during the holiday season. Refrain from reacting to such a call, even though the caller sounds extremely helpful and concerned and can even give you information about your account and other personal information. Cut the call and phone your bank on their fraud line – ensure that you have the correct number stored on your phone, and never use the number provided by the caller.

Automatic Teller Machines

Be very wary when withdrawing cash. Ensure that nobody, except a friend or family member, stands close behind you. Do not accept any help from anybody if something strange happens – shout for attention if you have to. Try to use an ATM next to or within the bank itself.

Vehicles

If you have a vehicle with wireless keys, always put the keys in a protective (Faraday) pouch when you leave the vehicle so that criminals cannot intercept the key’s signal by walking close to you. If they can intercept the signal, they can record it and use it to unlock your vehicle or redirect the signal to a partner in crime standing next to the vehicle. The results will be the same – your vehicle will be gone!

Do not be naïve, think on your feet and do not be carried away by the ‘holiday feeling’. Protect yourself by thinking like the cybercriminals and be one step in front of them.

Content provided by: Prof Basie von Solms, Professor/Director Centre for Cyber Security, University of Johannesburg.

Published with full permission of author.