It’s the time of year when people start planning their summer vacations, and with everyone watching the bottom line, the temptation to save a few dollars by booking online is strong. That might include searching the underside of the internet for a bargain.
A recent survey by the British security company Comparitech should make you consider carefully where you buy. The research discovered a vibrant market for frequent-flier miles on the “dark web,” a hidden part of the internet that requires special software to access. On one site, Comparitech found that you can buy 100,000 points for as little as $884.
“The type of sites most commonly associated with the dark web are marketplaces where illicit goods such as narcotics, firearms and stolen credit card numbers are bought and sold,” says the report’s author, Paul Bischoff. “The darkest corners are used to hire hit men, engage in human trafficking and exchange child pornography.”
Bischoff says that if you get caught with stolen airline miles or selling your own miles, the airline can wipe out your account and leave you with nothing.
“Airlines can even cancel your bookings if they’ve found you’ve broken the terms of service,” he says.
A study by Seon, a security consulting company, found any number of travel products available on the dark web. They included airline tickets, car rentals and, on one forum, tours sold at a 30 percent discount. On another forum, customers were “impressed with this seller’s ability to deliver flights bought with stolen credit cards,” the study notes. “With over 200 sales, they had only five-star reviews.”
The dark web is just one of the places travelers should avoid. Others include unsecured websites and wireless hotspots designed to collect personal information. Bottom line: Online security can be as important as physical safety for travelers.
You don’t have to visit the dark web to get into trouble. Jonathan Weber, a software developer from East Stroudsburg, Pa., recently found an airline ticket on a Russian carrier called Transaero through a website that specializes in airline ticket price errors. Fare errors are both risky and ethically problematic. Sometimes, airlines honor them, sometimes not. In Weber’s case, the airline went out of business during his trip.
“Luckily, Aeroflot picked up their remaining flights and got us home,” he says. “But it was a hell of a surprise at the airport.”
Even when visiting a legitimate travel site, you might not be entirely safe. Consider the data breach Marriott disclosed last year, in which hackers accessed its reservation systems over four years and exposed private information of up to 500 million customers. Experts say it’s not a question of if, but when the next data breach will happen.
How do you know if a company is taking security seriously? One way is to look for a little padlock icon next to the website address on any page where you can type in sensitive information, including credit card numbers.
That’s missing from a lot of travel sites. At least that’s the finding of Sectigo, a Web security company. It recently studied major airline, hotel, travel comparison, car rental, and train websites and rated them on how effectively they were secured. It flagged the sites for Firefly, SkyWest and Ritz Carlton for triggering “not secure” warnings, and numerous others for lesser security issues.
“Many major travel brands fail to provide assurance of their sites’ security and identity,” says Tim Callan, a senior fellow at Sectigo.
But the most common danger to travelers may be the network of wireless hotspots — set up in public places such as airports, convention centers, and hotels — that are designed to steal personal information.
“Malicious actors can set up fraudulent Wi-Fi networks and even fake mobile hotspots to collect and record traffic that connects to them, especially in top destinations,” explains Matthew Gardiner, a cybersecurity expert at Mimecast, an email and Web security provider.
A 2018 report by Coronet, a cybersecurity company, identified San Diego International, John Wayne Airport in Orange County, Calif., and Houston’s William P. Hobby Airport as the airports where travelers were most at risk of being hacked through a public Wi-Fi network.
Avoiding a public network pays off in additional peace of mind, says Chandler Givens, CEO of TrackOFF, a provider of data privacy software for consumers. “At the very least, try to stick to sites with “https” in front of the URL, and be careful what kinds of personal information you submit while surfing.”
That brings us to the solutions. You can stay off public hotspots, log into a secure public hotspot, such as Boingo, or use a virtual private network (VPN), which offers an extra layer of encryption.
“To protect yourself, for example, when at airports or hotels, find out the official Wi-Fi network of the facility from the management, and don’t connect to any others that you may find to be open,” says Gardiner, the Mimecast security expert. “Remember: How the Wi-Fi network is named means nothing.”
Incidentally, I used to be a skeptic about the risks of unsecured wireless networks until someone hacked my son’s laptop at the airport. The likely culprit: an unsecured hotspot.
(Featured image by Rawpixel.com via Shutterstock)
DISCLAIMER: This article expresses my own ideas and opinions. Any information I have shared are from sources that I believe to be reliable and accurate. I did not receive any financial compensation for writing this post, nor do I own any shares in any company I’ve mentioned. I encourage any reader to do their own diligent research first before making any investment decisions.
Allianz Morocco Enters the Capital of EMOB
Allianz Morocco has become a 33% shareholder in EMOB's capital. The company is positioned on the electric and eco-responsible mobility...
70% of Consumers Want More AR Advertising: Will You Give it to Them?
A recent survey by Ericsson’s mobile ads division, Emodo, has revealed that a majority of consumers now prefer AR advertising...
StartupGym Studio’s Crowdfunding Campaign in Overfunding after 24h
StartupGym Studio, created by Enrico Pandian, has launched an equity crowdfunding campaign on CrowdFundMe to complement a $1.76 million (€1.5...
Payment Giant Nets Increases Stake in POS Fintech Company Orderbird
Nets had already held around 20% of Orderbird - a stake that the Eschborn-based payment service provider Concardis had taken...
City Leaders Announce Major Public Safety Initiatives for 2022
New public safety projects to be provided with federal funding. City leaders at Desert Hot Springs voted recently to issue...