Keeping our personal devices cyber safe is paramount, as identity theft is at an all-time high — Photo courtesy of Su Arslanoglu / E+ Via Getty Images
Returning from an idyllic vacation in September, I never suspected that browsing the web and charging my phone while at the airport in Marseilles, France, would lead me to becoming a victim of identity theft.
I learned from a cyber security expert assigned to my case that an identity thief hacked into my phone either through a public Wi-Fi network or a compromised public USB-charging station at the airport. With malware installed on my phone, the thief was able to take over my phone, lock me out of it, access my personal information, and sell it. After stealing my identity, the bad actor applied for credit cards and a bank loan, purchased crypto currency and luxury goods, and emptied most of my checking account.
While I was able to report the identity theft and deny fraudulent transactions quickly, it took days to recover funds and contact the financial institutions where my identity had been used fraudulently. I’ve since put identity theft protection measures in place, but I’ll need to remain vigilant for months to come, as stolen information is often resold and more damage done.
Here’s what I learned from my experience of identity theft and some pro tips to keep yourself cyber safe while traveling.
Identity theft on the rise
According to the Federal Trade Commission, in the first half of 2023, Americans reported nearly 560,000 cases of identity theft nationwide, putting 2023 on track to exceed 1 million identity theft complaints — much higher than any pre-pandemic year on record.
How they steal your information and identity
In early April, the FBI issued a warning that “Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices.” This tactic is commonly known as juice jacking.
It’s more widely known that connecting to public Wi-Fi when traveling or in public spaces invites the opportunity for hackers to access our mobile devices, making us prime targets for identity theft. Now that hackers have figured out how to compromise phone-charging stations in airports, hotels, and other public places, the risk of identity theft has heightened exponentially.
There are many ways hackers can obtain your information. According to Tech Radar magazine, if a hacker connects their device to the same Wi-Fi network you’re using, they can use address resolution protocol (ARP) poisoning to intercept unencrypted messages flowing to and from your mobile device. The attacker’s computer sits between your device and the network access point (like a router), enabling the hacker to see, modify, and block any data requests. This potentially opens you up to a range of man-in-the-middle attacks, such as email and session hijacking.
To trick potential victims, hackers also might set up an unsecured wireless network with a name like “FREE AIRPORT WIFI.” Anyone who connects to this network is at risk of having their data harvested or devices infested with malware, such as a keylogger. This malware records and sends all your keystrokes (i.e., when you enter login credentials) to the identity thief.
What I’ve learned about identity theft protection
Using a portable charger can help keep your devices safe from identity theft — Photo courtesy of O_Lypa / iStock Via Getty Images Plus
Consumer Reports Tech expert Yael Grauer recommends changing/updating passwords regularly and using multi-factor authentication (MFA) to access your accounts. Using a second form of authentication — such as a security code sent via text message or email, a fingerprint, or face scan — provides an additional measure of security for your accounts.
Grauer also recommends following the guidelines set forth in Consumer Report’s Security Planner, a free, easy-to-use guide that helps you design a personalized plan to keep you and your electronic devices cyber safe.
Here are a few other identity theft protection measures I take to mitigate the future risk of identity theft.
Alert financial institutions when you travel
This probably isn’t practical advice for business travelers who are often on the go, but for those who travel less frequently, consider contacting your bank and credit card companies to let them know when and where you are traveling before embarking on that long-anticipated vacation. Also, set up alerts for unusual spending or suspicious activity on your accounts.
Use public Wi-Fi with caution
If you must use a public Wi-Fi network while on the road, always use a virtual private network (VPN), which adds a level of encryption and safety. Also, turning off the option to automatically connect to a public network in your device’s settings is an important safety step.
Travel with a portable charger
Skip the need to use public USB-charging stations by investing in a portable charger. Most chargers on the market these days can support multiple personal devices, keeping them safe and providing a level of protection against identity theft. If you must charge with a USB cable while in a public place, plug into a standard power outlet, never a communal USB charging station.
Leave no trail on public computers
If you use a public computer, remember to log out of all your accounts and delete all cookies and browsing history before logging off the computer. An even safer route is to forgo public computers altogether and stick to your personal laptop/tablet, using your mobile phone as a Wi-Fi hotspot.
Freeze your credit to protect your identity
Freeze your credit with the big three credit bureaus – Experian, Equifax, and TransUnion. This is free and will prevent anyone from applying and receiving a credit card, bank loan, or auto loan or applying to open a bank account with your information.
Take extra measures to protect your phone
Your phone is full of information hackers crave. Set a password on your phone and consider temporarily deleting sensitive apps with personal information — like banking and money transfer apps — when you’re traveling.
Also, increase your phone’s locking speed. Check your settings for how long it takes for your phone to lock automatically once the screen turns off. A shorter auto-lock time could make all the difference if your phone is stolen.
Beware of shoulder surfers in public places
If you use ATMs while in the airport or other public spaces, always cover the keypad when you type in your PIN. Use unique passwords and PINs for all your accounts. This way, if a thief steals your login credentials for one account, they can’t use them to access other accounts.
Lastly, if you’re going to use your laptop or tablet when traveling, consider buying and installing a privacy screen.
Invest in RFID-blocking wallets and purses
Travel journalist Joe Miragliotta of Joe’s Daily recommends investing in radio frequency identification (RFID)-blocking wallets and purses.
“The protective layer these wallets and purses provide is a worthwhile investment in today’s digital age,” he says. “Thieves equipped with unauthorized scanners can remotely access information from credit cards and passports, which can lead to potential identity theft or unauthorized transactions.
“The peace of mind that comes from knowing your personal data is safeguarded is invaluable. Not all RFID-blocking accessories are created equal, so it’s crucial to invest in a well-reviewed product,” says Miragliotta.
Monitor your accounts when you get home
When you return home, monitor your accounts and credit report for unusual activity. Report and dispute any activity immediately. Also, you can report identity theft to the Federal Trade Commission, which will help you create a personalized recovery plan to walk you through repairing any credit damage, recouping financial losses, and replacing your government-issued documents.