16 July 2018
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

749Posts 2,173,438Views 62Comments

Protecting email While Traveling From Identity Theft

29 July 2009  |  3277 views  |  4


You’re traveling on business or vacation and you log into a public computer to check your email. You enter your credentials, read a few emails, delete some spam, fire off a note to a colleague at work, and log out. You think nothing of it, but before you know it, your email account has been hijacked. Your friends, family and business associates all receive the following message, sent from your account:

“While traveling in Europe I was approached by what looked like a homeless man who bumped into me, then he apologized. A few minutes later I went to a café to have lunch. But when I went to pay, my wallet was gone. I was pickpocketed! Now I’m stuck here without any money, can you send me money via a wire transfer? I promise to pay you back as soon as I get home!”

Most of your contacts are probably too savvy to fall for this, but maybe your gullible aunt responds. She believes she’s engaging in an email conversation with you, but it’s actually a scammer who’s jacked your account. So she falls for the ruse and wires a couple thousand dollars to a criminal somewhere in Europe.

Think it can’t happen to you or anyone you know? This week, I met someone who actually pulled the money out of his account and wired it. This was an educated person who should have known better. But when he saw a cry for help, his first instinct was to assist a loved one, and he did what many good people would do.

This scam is easy, and it’s happening more frequently. I’m amazed that I’m not encountering a new victim of this particular crime every ten minutes. There are a few simple ways to hack into an email account. A public computer at a hotel, library, or internet café could have spyware or a keylogger installed. This type of hardware or software can record everything you do on a PC. If you use your own laptop on an unsecured public wireless connection, your data could be intercepted via wireless packets in the air. You could also accidently log on to an “evil twin,” a wireless network that appears to be a legitimate WiFi spot, but is actually being broadcast via a router or computer, allowing a criminal hacker to sift through all your data.

The chance of someone accessing your laptop via a public WiFi connection is slim, but it does happen. Your best bet is to only log into websites that are secure. The web address should begin with https://www… The “S” in “https” indicates that the site is secure. Otherwise, you should download and install private networking software, such as WiTopia. If you use a public computer at a hotel, library or internet café, you are at the mercy of the administrator who set up the PC, or whoever used the computer before you, unless you make an investment in a very cool USB drive called IronKey. This small, secure drive combines hardware, software, and services that allow you to log into any PC with an available USB drive.


TagsSecurityRisk & regulation

Comments: (5)

A Finextra member
A Finextra member 31 July, 2009, 05:03


Thank you for this...it is succint and to the point and provides a starting point to secure ourselves when travelling.  A friend of mine got hit with the message you describe above whilst travelling in Europe.  He had to send out a message almost to his entire address book to retract.  Quite embarrassing...

Keep up the blog...

Be the first to give this comment the thumbs up 0 thumb ups!
Robert Siciliano
Robert Siciliano - IDTheftSecurity.com - Boston 31 July, 2009, 13:16

Thanks for the comments Gerhard.

Be the first to give this comment the thumbs up 0 thumb ups!
A Finextra member
A Finextra member 01 August, 2009, 12:13

Maybe if some email account providers just try offering paid and secured email accounts (secured with the use of time-based one-time passcodes to access the email account, or an out of channel authentication, for example), they might find that some people would pay for secured email accounts.

Granted, there willl always be more people who will stay with the status quo of getting free but less-secure email accounts. But security can be a product/service differentiation that consumers would not mind paying for. Actually, I wouldn't mind doing such a project with Google, MSN, Hotmail or Yahoo.

Even if only 0.1% of the approximate worldwide total number of internet users (total of 1,596,270,108) would pay for such a service, it does not seem to be a daunting project to undertake. Sure, now someone will tell me that this service is already being offered. Nice try. I've been checking this out and I haven't seen such a service yet.

Be the first to give this comment the thumbs up 0 thumb ups!
A Finextra member
A Finextra member 03 August, 2009, 09:40

Thank you for that information, I have done this at airports quite a several times before i had the Laptop.

Also i would like to know is it safe to use Wi-Fi at public places such as airports, hotels..etc ? I do not see any risk as we are just surfin the web thru a wireless network but could there be any traps in between ?



Be the first to give this comment the thumbs up 0 thumb ups!
Cedric Pariente
Cedric Pariente - EFFI Consultants - Paris 07 August, 2009, 16:10

Hi Seyan,

The short answer is NO.


As explained by Roberto, when you use a public access (WiFi or not), someone is providing you with an access.

BUT, they know everything you do, they can replay any of the credentials you use, even if you are on an HTTPS connection. They can control ALL the traffic that goes in and out through them.

Moreover, public internet places are the best spots for hackers, they simply have to put a honeypot and wait. Hackers LOVE cybercafés.

A safe behavior would be to use free internet access only to browse, and avoid to use any confidential credentials. That would definitely be my recommendation.


Be the first to give this comment the thumbs up 0 thumb ups!
Comment on this story (membership required)

Latest posts from Robert

Are Your Employees Putting Your Company at Risk? Here’s How to Find Out!

18 May 2018  |  6353 views  |  0 comments | recomends Recommends 0 TagsSecurity

10 Internet Security Myths that Small Businesses Should Be Aware Of

11 May 2018  |  1801 views  |  0 comments | recomends Recommends 0 TagsSecurity

Mobile Phone Numbers Are as Sensitive as Your Social Security Number

19 April 2018  |  3573 views  |  0 comments | recomends Recommends 0 TagsSecurity

The Term Identity Theft Protection is Often a Lie

06 April 2018  |  7715 views  |  0 comments | recomends Recommends 0 TagsSecurity

Use a Password Manager Or You WILL Get Hacked

19 March 2018  |  4137 views  |  0 comments | recomends Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Member since 2009
739 posts62 comments

Who's commenting on Robert's posts