As the summer holiday season approaches, Check Point Software Technologies Ltd., a cyber providerbetter safetys, warns the public to remain vigilant due to increased cyber risks targeting both individuals and organizations.
Despite airport delays, rising costs and continued uncertainty surrounding COVID-19, international travel this summer is expected to grow 11% from pre-pandemic levels.
In their rush to catch up on their holidays, for some their first in three years, travelers are likely to not give their due caution regarding cyber security and face risks related to their online activity. Cybercriminals are well aware of this vulnerability and, if anything, ramp up their efforts during the summer season.
According to the report Threat Intelligence Report by Check Point Research (CPR), the global average number of weekly attacks on travel and leisure organizations increased by 60% in June 2022 compared to the first half of June 2021.
Between May and August 2021 attacks on these sectors increased by 73% and this year is likely to see a similar surge, with one of the key trends involving hackers impersonating established brands in phishing attacks as holidaymakers look for last-minute holidays and travel, hotel and attraction offers with delayed availability.
Figure 1 Phishing email impersonating Delta Airlines
Figure 2 Deceptive Delta Airlines page
A potential vacationer who clicks on a phishing email or provides their login information over an unsecured public Wi-Fi connection could face personal risk in terms of credential theft, as well as lead to financial losses. However, there is also an even more serious risk to their employers.
The trend toward so-called hybrid vacations, where people work remotely for part of the summer vacation, makes this threat even more real. Personal laptops, tablets or mobiles often provide criminals with easy access to corporate networks, especially if BYOD devices are not adequately secured.
Meanwhile, corporate networks themselves are most vulnerable this time of year or even on weekends and holidays throughout the year. With security operations teams working understaffed, cyber attacks can go unnoticed until it's too late and the damage has been done. A case in point was the ransomware attack on Kaseya's network on July 4 last year by the Russian-speaking criminal gang REvil, which affected over 1000 organizations worldwide, in addition to around 15 similar attacks per week during May and June, according to with CPR.
For many of us, this may be our first time traveling abroad since the pandemic, and as such there may be some elements of our travel routine that we may have forgotten, including cyber security habits. This is highly desirable for opportunistic hackers looking to take advantage of lax behavior and unprotected devices. It is also a risk at an individual level in our hyper-connected world, as well as for any organization with which a person communicates, including their employer, said Michalis Bozos, Sales Manager Greece & Cyprus, Check Point Software.
By planning ahead, individuals can look forward to their vacation knowing they have taken simple but necessary precautions to secure their devices while protecting their employers' networks. That's why Check Point has put together ten top tips to help consumers stay safe during the summer months.
Top tips to keep your devices secure
1. Treat public Wi-Fi hotspots with caution. Free Wi-Fi access is attractive, but it can also pose some serious security threats. It's not uncommon for hackers to sit in airports, waiting for travelers to join public Wi-Fi networks so they can take advantage of unsuspecting travelers. Avoid unsecured Wi-Fi networks altogether if possible, but if you must use them, avoid accessing personal accounts or sensitive data while connected to those networks.
2. Pay attention to those around you. The person sitting next to you on the plane or while you are waiting to board your plane may have malicious intent. Someone could be looking over your shoulder while you're entering your credit card information or logging into social media. It's smart to get a screen protector, which can help you hide your information from prying eyes.
3. Double-check the websites you make travel reservations on. The cyber attacks που σχετίζονται με τα ταξίδια μπορούν να συμβούν ακόμη και πριν από την έναρξη του ταξιδιού, επομένως είναι ζωτικής σημασίας να ελέγχετε τον ταξιδιωτικό ιστότοπο που χρησιμοποιείτε. Στους απατεώνες αρέσει να μιμούνται αυθεντικούς ιστότοπους και να προσποιούνται ότι προσφέρουν πολυτελείς διακοπές ή ταξίδια με έκπτωση, για να κλέψουν τις προσωπικές σας πληροφορίες. Εάν μια προσφορά φαίνεται ή ακούγεται πολύ καλή για να είναι αληθινή, πιθανότατα είναι. Πριν προχωρήσετε, ερευνήστε διεξοδικά την εταιρεία που προσφέρει τη συμφωνία. Χρησιμοποιήστε πιστωτική κάρτα για ταξιδιωτικές συναλλαγές και όχι χρεωστική κάρτα. Οι εταιρείες πιστωτικών καρτών συχνά διαθέτουν προστασία από απάτες σε περίπτωση που πέσετε θύμα εγκλήματος στον κυβερνοχώρο, ενώ με μια χρεωστική κάρτα, τα χρήματά σας πιθανότατα έχουν χαθεί.
4. Beware of language mistakes. In this case, we are not talking about learning the local dialect, but rather be aware of any spelling or grammar mistakes, as well as authoritative phrases that push you to make hasty decisions, as this could indicate that something is not right. it's going great. That's because cybercriminals rely on people not taking the time to look at the small details that might signal an email or message isn't legitimate. To stay protected, always take an extra minute to verify the authenticity of a message, especially if it's trying to get you to reset your login details, as once a hacker gains access, it won't take long to wreak havoc.
5. Never share your credentials. Οι περισσότεροι άνθρωποι επαναχρησιμοποιούν τα ίδια ονόματα χρήστη και κωδικούς πρόσβασης σε πολλούς διαδικτυακούς λογαριασμούς, γι' αυτό και η κλοπή διαπιστευτηρίων αποτελεί κοινό στόχο των απάτης phishing. Ως εκ τούτου, θα πρέπει να είστε ιδιαίτερα προσεκτικοί κάθε φορά που σας ζητούνται τα στοιχεία σύνδεσής σας. Τα μηνύματα ηλεκτρονικού ταχυδρομείου/μηνύματα phishing συνήθως αντιγράφουν γνωστές μάρκες, υποδύονται ειδικούς υποστήριξης πελατών ή ακόμη και υποδύονται τον εργοδότη σας. Για να διατηρήσετε τους λογαριασμούς σας ασφαλείς, μην μοιράζεστε ποτέ τα διαπιστευτήριά σας μέσω ηλεκτρονικού ταχυδρομείου ή messages κειμένου και εισάγετε τα online για να αποκτήσετε πρόσβαση σε υπηρεσίες μόνο εφόσον έχετε πιστοποιήσει τον ιστότοπο, πηγαίνοντας απευθείας από το πρόγραμμα περιήγησης που έχετε επιλέξει.
6. Turn off automatic Wi-Fi/Bluetooth connections. There may be a default setting on your smartphone to automatically connect to an available Wi-Fi or Bluetooth network, which may allow malicious actors to gain access to your device. Make sure this feature is disabled to prevent cybercriminals from hacking your device.
7. Use multi-factor authentication. When you are on vacation, you may need to access important services that contain confidential or financial data. To be safe, use a multi-factor authentication (MFA) process to ensure that you are the only person who can access these services and that you are notified if an unauthorized person attempts to connect.
8. Download the latest security updates. Before you get ready to leave for your trip, make sure all your devices are updated with the latest security updates. Έτσι θα τις διατηρήσετε προστατευμένες από τις τελευταίες γνωστές απειλές.
9. Get informed about the latest attacks. It's a good practice to do some research on the latest attacks going around so you don't fall prey to any tricks threat actors might use to spread ransomware. Remember that not all scams are based on phishing and that you could still be exposed to provide your credentials over the phone or SMS.
10. Be suspicious of ATMs. Avoid withdrawing money from ATMs, as hackers, especially in tourist areas, have been known to attach credit card skimming devices to stand-alone ATMs. If it is necessary to use one, find an official bank machine, preferably one located within the lobby of your trusted bank.
