Summer bliss or cyber risk?

The cybersecurity landscape in Canada has shifted.

In 2022, cyberattacks increased by 20 per cent  in Canada, and between April and June, weekly cyber attacks on organizations reached their highest point in two years. Canadian organizations are under attack, but cybercriminals are also targeting individuals with increasingly sophisticated fraud maneuvers. One group of Canadians, in particular, is experiencing a growing number of cyber threats — travellers.

The combination of all-time high travel costs, increased travel spending, and a rebounding eagerness to travel post-pandemic has created the perfect storm for online bad actors to exploit unsuspecting travellers.

The escalating threat of travel-related cybercrime

Check Point Research, the research and intelligence arm of Check Point, is tracking a number of travel-related cybersecurity concerns both in Canada and globally. Ahead of the summertime booking season, close to 30,000 new websites related to holidays were created, 1 in every 83 of which were either malicious or suspicious. Check Point also discovered a growing number of phishing scams, data theft, and crimes related to travel fraud.

During periods of increased consumer spending, an uptick in fraud and online scams is not uncommon. According to Booking.com, half of travellers are increasing their spending on travel to make up for lost time during the pandemic. With more financial resources at stake and a larger online population planning travel independently, the opportunities for cybercriminals to capitalize on eager travellers multiply.

Phishing expeditions: Don’t take the bait on your dream vacation

Phishing scams continue to be among the most prevalent tactics being used to target travellers. Using increasingly sophisticated techniques, cybercriminals can create convincing spoofs of legitimate, reputable travel websites or send emails that appear to be from known senders. The scams usually offer deals or special offers, tricking victims into disclosing personal or financial information. In the absence of spelling or grammar mistakes or any immediate indications of foul play, even tech-savvy individuals can struggle to distinguish between legitimate and malicious communications.

Securing public Wi-Fi: Safeguarding sensitive data on the move

Connecting to public Wi-Fi networks in airports, hotels, and restaurants is a common practice for most travellers. However, when a user connects to unsecured local wi-fi networks, predators can intercept sensitive information, such as login credentials and payment details.

Similarly, plugging devices into public charging stations can invite cybersecurity threats. Earlier this year, the FBI issued a warning about free cellphone charging kiosks. Cybercriminals were engaging in “juice-jacking,” which installed malware on users’ devices via public charging stations and harvested travellers’ data.

Ensuring cyber resilience: Best practices for securing your travel plans

Given the growing threat landscape, education and awareness will play a critical in keeping Canadian travellers safe. By understanding the nature of cyber threats that travellers face, individuals can better protect themselves from falling victim to a cyber attack. Best practices for avoiding travel scams and cybersecurity vulnerabilities include:

1. Always buy from an authentic and reliable source: Thoroughly research and verify the authenticity of all companies before making any online bookings. Instead of following a link sent through an email or text, go directly to the provider by searching for them on your search engine and locating the promotion directly. Pay attention to the URLs to check if there is anything usual or unfamiliar, and prioritize websites using HTTPS.
2. Look for ‘too good to be true’ offers: Phishing scams often rely on the promise of an extremely good discount. If you receive an offer that appears to be too good to pass up, don’t rush to buy. Instead, confirm that the seller is authentic by checking other websites to see if they are offering similar discounts.
3. Avoid public Wi-Fi networks and charging stations: Avoid connecting your devices to unsecured Wi-Fi networks unless you are connected to a VPN, and avoid accessing financial or personal information (ex., your banking apps). If you need to charge a device, use your own power cord and plug it into a wall outlet to avoid “juice jacking.”

After years of cancelled trips and deferred travel, the allure of a perfect summer getaway is hard to resist. However, it’s imperative that Canadians remain cautious and aware of the heightened cybersecurity risk they face while travelling. Recognizing common cybercrime tactics, such as phishing scams and spoofed websites, can empower travellers to make informed decisions and avoid malicious actors.

Robert Falzon is the head of engineering at Check Point Canada.