Traveling soon? Protect your data from cybersecurity threats

An estimated 1.4 billion international tourists were recorded in 2024¹. According to the World Economic Forum², prior to the pandemic, the travel and tourism sector accounted for 10.4% of the global gross domestic product (GDP) and 10% of jobs worldwide. Since 2023, travel and tourism have fully recovered from the pandemic, and it is expected that this sector will continue to grow by 7% annually over the next decade. Cybersecurity expert at Surfshark, Miguel Fornés, gives insights on how to sidestep potential threats when traveling.

Key insights

• Threat #1: Your journey starts by securing your travel essentials: booking your flights, train, or bus tickets to ensure a smooth trip and finding the perfect place to stay. You'll likely use a variety of online platforms for these tasks and share your data with multiple companies. IBM reports³ that the transportation sector is responsible for 5% of global data breaches. Meanwhile, the hospitality sector accounts for 4%, indicating that your data may not be entirely secure with these companies. To protect yourself, share only necessary information, ensure you are using the official website and/or airline app, and avoid clicking on unsolicited emails, SMSs, or even social media accounts purportedly belonging to travel companies. This way, if a data breach occurs, it will have a less significant impact on you. Remember that, just as you exercise caution with monetary transactions, you should take the same approach before giving out your data, as your personal data might be the link between you and your money.
• Threat #2: During your travels, you may want to stay online. Many places, such as airports, hotels, coffee shops, and other locations, offer public Wi-Fi to help you stay connected. Picture this: you're at the airport, waiting for your connecting flight, or on a train journey with a long transfer ahead. The hours stretch out, and your device becomes your trusty companion. But before you dive into the online world, be aware that 1 in 4 public Wi-Fi networks lack sufficient encryption⁴. This creates an opportunity for someone to spy on your internet activity, which could lead to privacy concerns, leaked personal data, or financial loss. Moreover, a crowded space is a perfect scenario for fake Wi-Fi hotspots — deployed to steal sensitive information that you may transmit while connected to this bogus signal. Make sure to use your own data plan or a personal VPN to add a layer of security when the Wi-Fi signal cannot be trusted. Conversely, a widespread threat typically found in airports and stations is juice jacking⁷. This tactic involves fake USB charging stations disguised as part of the station commodities, which load malware once your device is plugged in, or request installation of apps to charge your device.
• Threat #3: While traveling, you should take precautions to avoid falling victim to cybersecurity-related incidents. Imagine you're feeling hungry or thirsty, so you sit down for lunch at a restaurant or take a coffee break after visiting a museum or other tourist attraction. You notice a QR code on the table that allows you to scan and view the menu. Wait! You should be aware that 1 in 50 scanned QR codes has a malicious link inside⁵. This link could redirect you to a phishing site that impersonates a real business and attempts to scam you, potentially resulting in financial loss. When using your phone to scan a QR code, carefully examine the URL (web address) to ensure it aligns with the business and doesn't contain unusual spellings or discrepancies. Moreover, especially when traveling or away from home, be extra careful about credit card skimming. In this technique, a scammer installs a nicely fitting second reader or copying device on the top or close to the real card reader so that your card details and PIN code are intercepted. This might be more subtle when you don't know the area or what the payment terminals look like. On the other hand, in crowded and touristic hotspots, be aware of your phone’s location, as there were cases of ghost or unknown payments done through ghost NFC tapping⁸.
• Threat #4: You want to make your trip as adventurous and interesting as possible, so you explore the internet, visiting numerous unfamiliar websites to discover what to do or see at your destination. You think you've found a great activity and want to book it, but there is a possibility that you will eventually land on a phishing site designed to exploit you by impersonating a legitimate business. According to the EMPACT 2023 results available on the Europol website⁶, authorities launched a remarkable 6,269 investigations into online fraud schemes and made 1,018 arrests, indicating that being online is not always safe. Phishing sites are difficult to shut down because they can be set up quickly and often migrate to countries with different laws. Whether you're traveling or just opening links at home, it's important to be cautious and use strong security practices to protect yourself from these scams.

Methodology and sources

Miguel Fornés, a cybersecurity expert at Surfshark, reviewed the travel and tourism sector and discussed common cybersecurity threats while traveling. He analyzed the EMPACT 2023 results available on the Europol website⁶ to identify how many phishing sites have been taken down. He also looked at a study published by IBM³ to determine the percentage of global data breaches that involve companies directly related to tourism and travel. Additionally, provided general safety tips related to public Wi-Fi, QR code scanning, and sharing data with companies.

References: