22 October 2017
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com


Protecting Email While Traveling From Identity Theft

29 July 2009

 

You’re traveling on business or vacation and you log into a public computer to check your email. You enter your credentials, read a few emails, delete some spam, fire off a note to a colleague at work, and log out. You think nothing of it, but before you know it, your email account has been hijacked. Your friends, family and business associates all receive the following message, sent from your account:

“While traveling in Europe I was approached by what looked like a homeless man who bumped into me, then he apologized. A few minutes later I went to a café to have lunch. But when I went to pay, my wallet was gone. I was pickpocketed! Now I’m stuck here without any money, can you send me money via a wire transfer? I promise to pay you back as soon as I get home!”

Most of your contacts are probably too savvy to fall for this, but maybe your gullible aunt responds. She believes she’s engaging in an email conversation with you, but it’s actually a scammer who’s jacked your account. So she falls for the ruse and wires a couple thousand dollars to a criminal somewhere in Europe.

Think it can’t happen to you or anyone you know? This week, I met someone who actually pulled the money out of his account and wired it. This was an educated person who should have known better. But when he saw a cry for help, his first instinct was to assist a loved one, and he did what many good people would do.

This scam is easy, and it’s happening more frequently. I’m amazed that I’m not encountering a new victim of this particular crime every ten minutes. There are a few simple ways to hack into an email account. A public computer at a hotel, library, or internet café could have spyware or a keylogger installed. This type of hardware or software can record everything you do on a PC. If you use your own laptop on an unsecured public wireless connection, your data could be intercepted via wireless packets in the air. You could also accidentally log on to an “evil twin,” a wireless network that appears to be a legitimate WiFi spot, but is actually being broadcast via a router or computer, allowing a criminal hacker to sift through all your data.

The chance of someone accessing your laptop via a public WiFi connection is slim, but it does happen. Your best bet is to only log into websites that are secure. The web address should begin with https://www… The “S” in “https” indicates that the site is secure. Otherwise, you should download and install private networking software, such as WiTopia. If you use a public computer at a hotel, library or internet café, you are at the mercy of the administrator who set up the PC, or whoever used the computer before you, unless you make an investment in a very cool USB drive called IronKey. This small, secure drive combines hardware, software, and services that allow you to log into any PC with an available USB drive.
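The "evil twin" described above can sometimes be spotted before connecting by comparing the access points that advertise the same network name. The sketch below is an added example, not part of the original post; the scan records, field names and the two heuristics are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

# Constructed scan results; SSIDs and BSSIDs are made up for illustration.
SCAN = [
    {"ssid": "HotelGuest", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "HotelGuest", "bssid": "aa:bb:cc:00:00:02", "security": "WPA2"},
    {"ssid": "HotelGuest", "bssid": "de:ad:be:00:00:09", "security": "OPEN"},
    {"ssid": "CafeWiFi",   "bssid": "11:22:33:00:00:01", "security": "OPEN"},
    {"ssid": "Library",    "bssid": "44:55:66:00:00:01", "security": "WPA2"},
    {"ssid": "Library",    "bssid": "44:55:66:00:00:02", "security": "WPA2"},
]


def vendor_prefix(bssid):
    """First three octets of the BSSID (the vendor/OUI part)."""
    return bssid.lower()[:8]


def find_suspicious(scan):
    """Return {ssid: [reasons]} for network names that look impersonated."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = {}
    for ssid, aps in by_ssid.items():
        reasons = []
        # Heuristic 1: one network name advertised with different security.
        modes = sorted({ap["security"] for ap in aps})
        if len(modes) > 1:
            reasons.append("mixed security: " + "/".join(modes))
        # Heuristic 2: one radio from a different vendor than the rest.
        counts = Counter(vendor_prefix(ap["bssid"]) for ap in aps)
        top, top_n = counts.most_common(1)[0]
        odd = sorted(ap["bssid"] for ap in aps if vendor_prefix(ap["bssid"]) != top)
        if top_n >= 2 and odd:
            reasons.append("vendor outlier: " + ", ".join(odd))
        if reasons:
            findings[ssid] = reasons
    return findings


if __name__ == "__main__":
    for ssid, reasons in find_suspicious(SCAN).items():
        print(ssid, "->", "; ".join(reasons))
```

A twin that copies the security mode and imitates the BSSID prefix passes both checks, and a network with a single access point gives nothing to compare against, so an empty result does not prove the network is genuine.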

 


Comments: (5)

A Finextra member | 31 July, 2009, 05:03

Robert

Thank you for this...it is succinct and to the point and provides a starting point to secure ourselves when travelling.  A friend of mine got hit with the message you describe above whilst travelling in Europe.  He had to send out a message almost to his entire address book to retract.  Quite embarrassing...

Keep up the blog...

Robert Siciliano - IDTheftSecurity.com - Boston | 31 July, 2009, 13:16

Thanks for the comments Gerhard.

A Finextra member | 01 August, 2009, 12:13

Maybe if some email account providers just try offering paid and secured email accounts (secured with the use of time-based one-time passcodes to access the email account, or an out of channel authentication, for example), they might find that some people would pay for secured email accounts.

Granted, there will always be more people who will stay with the status quo of getting free but less-secure email accounts. But security can be a product/service differentiation that consumers would not mind paying for. Actually, I wouldn't mind doing such a project with Google, MSN, Hotmail or Yahoo.

Even if only 0.1% of the approximate worldwide total number of internet users (total of 1,596,270,108) would pay for such a service, it does not seem to be a daunting project to undertake. Sure, now someone will tell me that this service is already being offered. Nice try. I've been checking this out and I haven't seen such a service yet.

A Finextra member | 03 August, 2009, 09:40

Thank you for that information, I have done this at airports several times before I had the laptop.

Also, I would like to know: is it safe to use Wi-Fi at public places such as airports, hotels, etc.? I do not see any risk as we are just surfing the web through a wireless network, but could there be any traps in between?

Thanks.

Seyan

Cedric Pariente - Racine Alpha - Paris | 07 August, 2009, 16:10

Hi Seyan,

The short answer is NO.

PUBLIC INTERNET ACCESS ARE NOT SECURE.

As explained by Robert, when you use a public access (WiFi or not), someone is providing you with an access.

BUT, they know everything you do, they can replay any of the credentials you use, even if you are on an HTTPS connection. They can control ALL the traffic that goes in and out through them.

Moreover, public internet places are the best spots for hackers, they simply have to put a honeypot and wait. Hackers LOVE cybercafés.

A safe behavior would be to use free internet access only to browse, and avoid using any confidential credentials. That would definitely be my recommendation.

Cedric
