Skip to main content
Protect Yourself

Information Risks of Travel

By October 10, 2018No Comments

So, you’re on the road for work again, are you? Or, you’re heading out soon? Regardless of when, if you travel for work you should know about the information risks of travel and how it increases the risk of identity theft and, therefore, future social engineering attempts.Information Risks of Travel

How does travel affect identity theft?

When you pack up to go on a trip, work or personal, you take at least two items that contain sensitive, personally identifiable information: your license, and your ticket or a device that contains your ticket. A malicious actor’s desire to duplicate this information means travel increases the risk of information theft. When travelling you consolidate all your information, and your company’s information, to your person and transport it through, and to, locations and the environment with which you are unfamiliar. This puts you at a disadvantage. 

Your driver’s license contains extremely sensitive information such as your name, birthday, signature, address, and license number. Your ticket has a bar or QR code that, because it can be read by the airline’s scanner, can be read by many scanners. This includes valuable information like your confirmation number, sensitive PII, and often airline rewards numbers. These details can be used in social engineering attacks like spear-phishing or phishing campaigns against you. 

In addition to your license and ticket information, travel increases the risk of information theft because you are likely carrying technology used to connect to networks which can leave your and your company’s information increasingly vulnerable. However, you have control over how this information is exposed. 

How can we protect ourselves and our PII while travelling?

Always be alert and aware. For physical items, have an organizational system where you know what information exists where. Keeping a dedicated location, such as a specific pocket, for your ticket and only your ticket will reduce the risk that the ticket is left in the open where its code can be photographed or scanned. Maintain a separate and dedicated area for any payment options, like cash or credit cards, and another still for your license. Keeping these items separated will mean a pickpocket would have less of an opportunity to lift the documents all together, reducing the information they have as well as the replacement hassle, and it will also limit accidentally dropping or exposing one while using another. 

Technology is a separate hurdle where travel increases the risk of information theft that can expose both you and your company. Recently, the list of the top 10 airports travellers is most likely to be hacked in was released. The list makes it clear that frequent travellers will struggle to avoid all these airports, and other airports pose a threat even if they are not included in this list. The information obtained from your devices or person while travelling could lead to future social engineering attacks by exposing information that can be used to launch a sophisticated phishing campaign targeted at a known operating system or type of computer-based on information gathered by an attacker while travelling. 

Let’s discuss some ways to travel safely with your devices:  

  • Don’t join public WiFi. Download necessary documents to work on or entertainment options before leaving a secure network;  
  • Travel with a personal hotspot to use your own network you tether your devices to; 
  • Get a Virtual Private Network (VPN) for personal use. We recommend researching VPN options and using one that limits the leakage of information, then using a secure VPN on all your devices. Generally, the free VPN options are not the most secure; 
  • Avoid plugging your devices into un-known ports, and avoid plugging anything unknown into your devices;  
  • Purchase privacy screens for devices you plan to use in public to avoid anyone shoulder-surfing you for information; 
  • Avoiding sharing geolocation information while travelling; and 
  • Be vague in any Out-Of-Office messages you may leave on your email account. Information left in OOO messages can be used by malicious actors without your immediate knowledge, or without your knowledge at all. These can indicate your absence from the office which could allow for a bad actor to impersonate you while you are away. 

Stay alert and aware! 

Sources:
https://www.cnbc.com/2018/07/17/these-are-the-10-airports-where-youre-most-likely-to-be-hacked.html
https://www.techradar.com/vpn/best-vpn
https://krebsonsecurity.com/2015/10/whats-in-a-boarding-pass-barcode-a-lot/ 

Tags:

Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now