Good afternoon and welcome back to ToBeSecured!
As you all know June has begun and this month marks the middle of the year. Time is truly flying and so is most people I know. Before I discuss a new topic, I'd like to welcome my new subscribers and thank you all for embarking on this journey with me. Tis' the season for vacations and new jobs that require traveling out of town which leads me into the topic of today.
Catching flights all 2019? Booked & busy all 2019? Is that familiar to you or do you know anyone who uses those phrases? I'm guilty of saying it myself and I am sure most of you are as well. The topic of today's post is about freely giving your personal information away to major hotels we seem to book such as The Marriott, The Sheraton, Hyatt, Hilton, Westin, etc. Over the years, there has been security breaches at these major hotel brands. Then, two months ago, a report by the cyber security software company Symantec revealed that many hotels inadvertently leak guests' personal data to third parties when they send out confirmation emails.
There goes that term once more, inadvertently. Referring to a previous post 'Locating your Data', Twitter shared some user’s data they collected inadvertently to advertise as real-time bidding. A lot of times this term has been used as a cover up whenever a security breach or incident occurs attaching their name to news outlets. The study looked at more than 1,500 hotel websites in 54 countries ranging from small, independent properties to large five-star resorts and chains, and found that two out of three hotels send messages that can make it easy for third parties to view guests’ full names, email addresses, credit card details and passport numbers.
As travelers, at the very least we should make sure that the confirmation email links to a secure site whose address begins with https. Also, if the page gets redirected to a site beginning with http, that may be a red flag to not continue viewing any additional information shown on the page as well as entering additional information.
Since hotels have done little to earn the trust of travelers, it is up to each of us to protect our information and ourselves. Below I’ll list a few tips that can make a difference.
1. Mask your information - credit card details, email addresses, passwords
Booking travel online requires travelers to send over mass amounts of sensitive information. Some information, such as your credit card number or email address, could be obscured using a service like Abine Blur, which generates one-time-use email addresses and credit card numbers. Personally, I recommend utilizing this service because there is a free one-month trial with user access to password vault, multi-device sync, and more. If you want to upgrade to premium, the pricing is very reasonable at only $2.20 a month giving users access to password backup and restore, credit card & phone masking, priority support, and more. Keep in mind this password manager has pros and cons as any other and I am only giving my perspective on this online solution for privacy. Read about it for yourself and try out the free trial then let me know your thoughts on it.
2. Install an extension to thwart formjackers.
Formjacking works like an ATM skimmer on websites that require users to fill out online forms. A cybercriminal places a small piece of code on an e-commerce website and then simply waits. When the victim enters a credit card number or other personal data, the code sends that information back to the criminal. It’s particularly dangerous because it's nearly impossible for victims to detect. Earlier this year, Symantec highlighted formjacking in its Internet Security Threat Report as one of the most serious and lucrative types of cybercrimes. To make the personal information you enter through online forms more secure, I recommend downloading a browser-based script blocker such as ScriptSafe for Chrome, JSBlocker for Safari or NoScript for FireFox. These tools are designed to stop formjackers from stealing the data you enter by blocking the JavaScript code that sends your data to the accompanying parties. A script blocker can also stop formjackers from stealing information pre-populated into your confirmation.
3. Never use free WiFi without a VPN.
In general, it’s wise to get into the habit of using a virtual private network (VPN) whenever you are relying on open Wi-Fi networks in airports, hotels, coffee shops and so on. A VPN boosts security by creating an encrypted tunnel between your computer or your phone and a server. It allows you to access the internet through a remote server, hiding your actual location and browser history, and encrypting your data. Refer to my blog post ‘Free Wi-Fi & chill?’ for more information and additional tips regarding VPNs.
4. When possible pay with a digital wallet.
A few major hotel chains and online booking sites such as Expedia and Hotels.com allow guests to pay with digital wallets such as PayPal, Apple Pay or Google Pay. Less of your personal data is shared and the transaction is secure and encrypted. Personally, I have used PayPal and have done multiple projects where I have explained the significance of the service as well as how I view it. It allows me to add multiple card payments on the application as well as choose which one I’d like to pay from. The application makes it easier for when I make online purchases and do not have to input credit card information when checking out.
If you would like to discuss further, please leave a comment or ask a question. I'd love to chat with my readers and hear your thoughts. Thank you for dropping in and remember ToBeSecured!
Commentaires