Chennai-based
urologist Dr Jaison Philip shared a video on X about a scam that occurred inside the Bengaluru International Airport to a woman traveller who uses an iPhone. In September, while at the airport, the woman was asked to download an app called Lounge Pass on her mobile when she wanted to use the lounge, she says in a video posted online.
While she did not actually use the lounge, the app remained on her mobile when she was busy attending to her ailing parents. Meanwhile, her friends and colleagues told her they could not reach out to her. She assumed it could have been because of a poor network signal. Then somebody asked why a male was answering calls on her mobile. However, due to the hospitalisation of her parents, she did not pay much attention to it. When she received her credit card statement, she found Rs87,125 transferred to PhonePe in Bengaluru without her knowledge. She filed a complaint and the investigation is going on.
In this case, there are two noteworthy issues. First, downloading and installing the app allowed her mobile screen to be shared and it granted access to her phone settings to the fraudsters behind this scam. Screen sharing allowed the fraudsters access to her credentials and the one-time passcode (OTP) sent to her mobile. Secondly, they enabled call forwarding on her mobile which explains why a male voice was answering her calls.
With the ongoing festivals and holidays, many of us have made travel plans. Travelling is fun, provided you do not let your guard down and are alert to issues pertaining to cyberspace and mobile devices. I believe that cybersecurity is as critical as packing your suitcase yourself.
Travellers are particularly vulnerable to cyber scams as they often connect to unfamiliar networks, access sensitive data, use financial information on the go and connect to public charging points.
Here are some common cyber scams that travellers may face...
- Fake Wi-Fi hotspots: Cybercriminals set up Wi-Fi networks that look like legitimate hotel or airport Wi-Fi but are intended to intercept data. While public Wi-Fi networks at airports, hotels and cafes are convenient, they are often unsecure. Cybercriminals can easily eavesdrop on these networks to steal sensitive information.
- Phishing emails or messages: Travellers may receive fake emails or messages claiming issues with reservations, flights, or payment requests, luring them to click malicious links.
- Fake booking websites: Scammers create fake websites offering discounted flights, hotels, or car rentals to collect personal and payment information.
- ATM skimming: Fraudsters use devices attached to ATMs to skim card information, especially around tourist-heavy areas.
- Travel app malware: Some fraudulent apps promise to help with local navigation, translations, or deals but instead install malware to steal personal information.
- Shared computers/ devices: Fraudsters set up 'Trojan' computers or even allow the traveller to use his mobile phone, often laced with malware that records your keystrokes and personal information.
Remember, cyber scams or frauds during travel happen because criminals prey on the convenience and urgency of travellers. Therefore, it is important to take time to double-check connections and services.
Here are a few suggestions to make your travel a better experience in terms of cybersecurity...
1. Always use secure connections: Avoid public Wi-Fi, especially for sensitive activities that involve financial transactions or banking. Use a virtual private network (VPN). A VPN encrypts your internet connection, making your online activities private and secure, even on unsecured networks.
2. Verify Wi-Fi networks: Always confirm with hotel or airport staff before connecting to any Wi-Fi, as scammers often use similar network names.
3. Use trusted websites and apps: Ticket and other related booking for your travel plan must be done only through reputable websites or apps. Also, look for 'https' in the website URL. Avoid clicking links in unsolicited emails or messages.
4. Enable multi-factor authentication (MFA): MFA adds an extra layer of security to your online accounts. So even if someone steals or guesses your password, they will not be able to access your account without the other factor.
5. Be cautious at ATMs: Use ATMs inside banks or hotels, as they are less likely to be tampered with. Cover the keypad when entering your PIN.
6. Update security software: Keep your device's security software up-to-date to protect against malware and other threats.
7. Turn off Bluetooth and Wi-Fi when not in use: Scammers can use open Bluetooth or Wi-Fi connections to gain access to your device.
8. Backup your data and device: Regular backups of devices protect you from data loss due to device failures or malware infections. You can take backup on an external hard drive or use a cloud service. Backup comes in handy in case your device is lost or stolen and you can still access important files on your device.
9. Keep an eye on your devices: During travel and in public places, never leave your devices unattended. The devices can not only be physically stolen, but a criminal could also access your personal information. Always keep your devices within sight and use biometric security features like fingerprint or face recognition, if available.
Just like life is a journey, cybersecurity is also a journey, not a destination. It means you always need to remain alert and cautious and protect your belongings, including electronic devices and gadgets.
Stay vigilant and you will be well on your way to a safer, more secure vacation.
Have a Happy and Safe Journey!
How To Report Cyber Fraud?
Do report cybercrimes to the National Cyber Crime Reporting Portal http://cybercrime.gov.in or call the toll-free National Helpline number, 1930. To follow on social media: Twitter (@Cyberdost), Facebook (CyberDostI4C), Instagram (cyberdostl4C), Telegram (cyberdosti4c).
If the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.