The ease that fraudsters can hack into a travel agent’s business was on full display at a general session at the ASTA General Convention in San Diego last month.
In a discussion led by ASTA’s Mark Meader, Teddy Lindsey, CTO of cyber security firm Ntrepid, asked attendees how many of them had logged on to the “ASTAFreeWifi” connection on their phones or laptops.
Hands went up across the hundreds of attendees.
Lindsey then began to read off the names of smartphones he could see on his phone, as he had set the router up to benignly ensnare attendees in order to make his point.
“What could have been happening, is that your phone was going out to check email, and that traffic was being redirected to one of their servers,” Lindsey said. Anything in those emails, including business critical and confidential information, credit card numbers, or ID information like passport details, would then be in the hands of people with malintent.
“It should be concerning for the traveler and for you, the travel advisor,” he said.
Dani Charles, CEO and co-founder of Charles Bernard Ventures, New York, cautioned travel agents to be wary of other public computer access, like hotel business center desktop computers open to guests.
“I’m not suggesting that the Sheraton’s computers aren’t safe,” he said, but when you walk into a hotel’s business center to check your e-mail or log in to an airline account to check your flight, “you’re trusting that someone hasn’t put something malicious on that computer, and is now accessing your activity,” he said.
Tools for protection
Charles noted how sometimes those agents aren’t individuals or groups of hackers acting on their own. He pointed out the revelation that a recent ransomware outbreak was directed by the North Korea.
“Risks are extensive, in terms of what you and your travelers face,” Charles said, but he and Lindsey pointed out that there are numerous tools that agents can use to protect themselves, and should encourage their clients to use as well.
One key tool is a Virtual Private Network (VPN), which encrypts any activity from the user’s computer throughout the internet.
The panelists also recommended that instead of emailing photos of passports, drivers licenses or other important forms of ID, that agents and their clients use cloud storage tools like Dropbox, or Microsoft’s OneDrive.
If convenience is important, Lindsey said, agents can email documents in a password-protected zipfile.
Charles and Lindsey also recommended using cloud storage tools like Carbonite, and more secure communications tools, like iMessage from Apple, WhatsApp and Viber.
Finally, both Charles and Lindsey asked agents to use some basic common sense.
“Don’t put anything in an email that you wouldn’t put in a letter in the mail, and risk someone opening that letter and reading it,” Charles said.