Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security Regulation & Compliance
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Protecting email While Traveling From Identity Theft

 

You’re traveling on business or vacation and you log into a public computer to check your email. You enter your credentials, read a few emails, delete some spam, fire off a note to a colleague at work, and log out. You think nothing of it, but before you know it, your email account has been hijacked. Your friends, family and business associates all receive the following message, sent from your account:

“While traveling in Europe I was approached by what looked like a homeless man who bumped into me, then he apologized. A few minutes later I went to a café to have lunch. But when I went to pay, my wallet was gone. I was pickpocketed! Now I’m stuck here without any money, can you send me money via a wire transfer? I promise to pay you back as soon as I get home!”

Most of your contacts are probably too savvy to fall for this, but maybe your gullible aunt responds. She believes she’s engaging in an email conversation with you, but it’s actually a scammer who’s jacked your account. So she falls for the ruse and wires a couple thousand dollars to a criminal somewhere in Europe.

Think it can’t happen to you or anyone you know? This week, I met someone who actually pulled the money out of his account and wired it. This was an educated person who should have known better. But when he saw a cry for help, his first instinct was to assist a loved one, and he did what many good people would do.

This scam is easy, and it’s happening more frequently. I’m amazed that I’m not encountering a new victim of this particular crime every ten minutes. There are a few simple ways to hack into an email account. A public computer at a hotel, library, or internet café could have spyware or a keylogger installed. This type of hardware or software can record everything you do on a PC. If you use your own laptop on an unsecured public wireless connection, your data could be intercepted via wireless packets in the air. You could also accidently log on to an “evil twin,” a wireless network that appears to be a legitimate WiFi spot, but is actually being broadcast via a router or computer, allowing a criminal hacker to sift through all your data.

The chance of someone accessing your laptop via a public WiFi connection is slim, but it does happen. Your best bet is to only log into websites that are secure. The web address should begin with https://www… The “S” in “https” indicates that the site is secure. Otherwise, you should download and install private networking software, such as WiTopia. If you use a public computer at a hotel, library or internet café, you are at the mercy of the administrator who set up the PC, or whoever used the computer before you, unless you make an investment in a very cool USB drive called IronKey. This small, secure drive combines hardware, software, and services that allow you to log into any PC with an available USB drive.

 

3581

Channels

Security Regulation & Compliance
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (5)

A Finextra member
A Finextra member 31 July, 2009, 05:03Be the first to give this comment the thumbs up 0 likes

Robert

Thank you for this...it is succint and to the point and provides a starting point to secure ourselves when travelling.  A friend of mine got hit with the message you describe above whilst travelling in Europe.  He had to send out a message almost to his entire address book to retract.  Quite embarrassing...

Keep up the blog...

Report abuse
Robert Siciliano
Robert Siciliano - Safr.me - Boston 31 July, 2009, 13:16Be the first to give this comment the thumbs up 0 likes

Thanks for the comments Gerhard.

Report abuse
A Finextra member
A Finextra member 01 August, 2009, 12:13Be the first to give this comment the thumbs up 0 likes

Maybe if some email account providers just try offering paid and secured email accounts (secured with the use of time-based one-time passcodes to access the email account, or an out of channel authentication, for example), they might find that some people would pay for secured email accounts.

Granted, there willl always be more people who will stay with the status quo of getting free but less-secure email accounts. But security can be a product/service differentiation that consumers would not mind paying for. Actually, I wouldn't mind doing such a project with Google, MSN, Hotmail or Yahoo.

Even if only 0.1% of the approximate worldwide total number of internet users (total of 1,596,270,108) would pay for such a service, it does not seem to be a daunting project to undertake. Sure, now someone will tell me that this service is already being offered. Nice try. I've been checking this out and I haven't seen such a service yet.

Report abuse
A Finextra member
A Finextra member 03 August, 2009, 09:40Be the first to give this comment the thumbs up 0 likes

Thank you for that information, I have done this at airports quite a several times before i had the Laptop.

Also i would like to know is it safe to use Wi-Fi at public places such as airports, hotels..etc ? I do not see any risk as we are just surfin the web thru a wireless network but could there be any traps in between ?

Thanks.

Seyan

Report abuse
Cedric Pariente
Cedric Pariente - EFFI Consultants - Paris 07 August, 2009, 16:10Be the first to give this comment the thumbs up 0 likes

Hi Seyan,

The short answer is NO.

PUBLIC INTERNET ACCESS ARE NOT SECURE.

As explained by Roberto, when you use a public access (WiFi or not), someone is providing you with an access.

BUT, they know everything you do, they can replay any of the credentials you use, even if you are on an HTTPS connection. They can control ALL the traffic that goes in and out through them.

Moreover, public internet places are the best spots for hackers, they simply have to put a honeypot and wait. Hackers LOVE cybercafés.

A safe behavior would be to use free internet access only to browse, and avoid to use any confidential credentials. That would definitely be my recommendation.

Cedric

Report abuse
Join the discussion
Robert Siciliano

Robert Siciliano

Security Analyst

Safr.me

Member since

04 Feb 2009

Location

Boston

Blog posts

839

Comments

62

More from Robert

Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more