This article is published in collaboration with Bitdefender.
You might be one of the most well-traveled, safety-minded people in the world, but travelers especially are at a risk of getting hacked, your identity stolen and potentially falling for clever scams.
As a former IT technician, I like to think I’m pretty “up there” in terms of tech-savviness. But I was utterly confounded when I received an unexpected PayPal invoice from a company I have done business with in the past.
Turns out, it was a fake invoice, sent via PayPal, using that company’s name. And I’m not ashamed to admit that I almost paid it.
Scammers and hackers are getting smarter these days. Scaring you off isn’t my intention, but it helps to be knowledgeable about digital security. Here, I’ve laid out some of my most effective tips for ways you can keep your privacy safe while traveling, starting with the most basic.
1. Use Two-Factor Authentication
This is the easiest to implement and is going to provide the largest amount of protection for the smallest amount of effort.
Two-Factor Authentication, a.k.a. Multi-Factor Authentication (2FA or MFA), requires that you receive a one-time code via text message, email or a secure authentication app like Google Authenticator. This gives you an extra layer of protection on top of your password.
Whenever possible, you should enable two-factor authentication on your accounts.
It’s important to know that security questions are not a good safety measure. Security questions can often be a liability, because they’re easy for hackers to figure out. Your mother’s maiden name isn’t such a secret, and someone could probably find your first cat’s name from an old Facebook post.
Another, more secure version of MFA is a hardware authenticator like a YubiKey, which requires that you plug in a small USB drive in order to verify that it’s you. Just don’t lose it!
2. Protect Your Privacy With a VPN
The next highest bang for your buck? Use a VPN.
The concept of a virtual private network (VPN) might seem daunting at first, but it’s actually quite simple. A VPN protects your privacy by routing your internet traffic through a secure data “tunnel.” It also encrypts the traffic, making it unreadable to anyone who does find a way to access that tunnel.
On top of that, a VPN will shield your critical data, such as login credentials (usernames and passwords), banking information, and credit card details. Even if a hacker finds their way into your connection, they would only see gibberish instead of actual data.
The Bitdefender VPN is one of the best-priced options on the market, providing a super secure connection at an incredibly reasonably price. A VPN can also help you access blocked websites (depending on the country you’re visiting), VoIP services, and streaming services like Netflix and Amazon Prime.
3. Lock Your SIM Card With a Pin Number
Concerned that, even if you enable 2FA, a hacker could still get into your phone and intercept the one-time code? You should be.
This is a real world scenario with real world consequences. And the solution is simple: lock your SIM card with a pin number.
Not only does it protect your phone number if your phone gets stolen, but it denies all access to the SIM card without a password—hackers included.
Depending on the type of phone you’re using, you should be able to find the SIM PIN in your settings. For example, with an iPhone, just go to Settings and then Cellular. Note: you’ll have to retrieve the original PIN first, aka the Pin Unlock Key (PUK). Just check with your service provider.
4. Watch For Scams and Phishing Attempts
I am more and more amazed by how sneaky and clever scammers have become. Scams and phishing attempts are getting quite advanced, and sometimes even I have trouble figuring out what’s legit.
Terrible spelling errors and obvious fake emails are a clear red flag, but that’s just the tip of the iceberg.
First of all, don’t respond to text messages if you don’t know who the sender is. Scammers often send out texts en masse, and if you respond, you’re validating your phone number. They may try to hack your phone or use your phone number elsewhere for authentication purposes.
Another call to lock your SIM with a pin code.
Don’t ever click links from emails or texts from your bank or other social media platforms without double checking everything (and even calling your bank if necessary). Scammers will sometimes pretend to be your bank, send you low balance alerts via text or email, and ask you to click a link. This takes you to a spoofed website that looks like the official bank website, and you’ll end up entering your bank details and getting ripped off.
And then there are the realistic messages from Facebook, Instagram, or other social media platforms. Recently I received an email from Instagram that looked to be completely legitimate, saying my content was a copyright infringement. The link provided brought me to a fake website asking me to enter my Instagram credentials to view the details of the infringement.
If you receive strange messages from a Facebook or Instagram friend, question everything. A few weeks ago, an Instagram friend asked me to vote for them in a contest. I said of course, and they asked for my phone number to send me a link to vote. Then they wanted me to screenshot the link and send it to them. What really happened? They sent me an Instagram password reset URL and were looking to manually steal my account.
Finally, don’t pay invoices you’re not expecting. This seems obvious, but some people are sending legit invoices through PayPal and Quickbooks. It’s like spam, but instead of sending emails from made up email addresses, they’re sending legitimate invoices through legitimate platforms. It’s easy to get confused.
5. Use a Password Manager
How many different passwords do you use? Hopefully more than one.
For the highest level of security, you should use a different password for every single account you have. These days, that’s not just a suggestion, but a basic requirement. If you’re using a single password for every one of your accounts, someone else could use it to access every other account you own.
Let’s say your Netflix account gets hacked—now they have your primary password. If that password is the same as your online banking, you’re in big trouble.
Of course, there’s no way you’ll be able to remember dozens, hundreds or even thousands of passwords (and if you store all your passwords in a Word doc on your desktop…I don’t know what to tell you). By using a password manager like the one from Bitdefender, you can store all your passwords in one secure “vault,” and access them using a single universal password.
That means you only have to use one password to access all of your passwords, and if one account gets compromised, that security issue is isolated to that one account.
6. Only Make Online Payments With Trusted Vendors
I’m sure you’ve heard of all the usual credit card hacks, like skimming (where debit card and credit data is stolen when the user is at an ATM). But credit card hackers are a lot more clever these days.
We’re inundated with ads constantly, whether it’s TikTok or Facebook or Instagram–but it’s hard to know which companies are legit. And those companies might be selling your info to third party companies.
For example, one of my friends kept getting her Visa compromised. When she called to figure out why, the representative told her to start reviewing all of her bank statements and to remove any saved credit card data with vendors.
For one-time payments, some banks will even give you a “virtual” credit card number, which is a virtual card form of your physical credit card. Bank of America will give you a unique card number within a digital wallet that’s different from your physical card, so it can’t be accessed from your digital wallet if your phone is stolen.
7. Know the Risks of Open Networks
Public, unsecured WiFi networks can pose risks to your privacy and security, mainly because they’re wide open to everyone. If you have no trouble connecting to this network, neither does anyone else. It’s kinda like leaving your front door open. Eventually, an unwanted guest is going to get in.
If a hacker is using the same open network as you, they can read all your messages, steal private data, and even infiltrate your devices to keep stealing data even after you’ve signed off for the evening.
You can prevent this from happening by avoiding using public WiFi networks, especially if they lack password protection. It’s also a good idea to avoid WiFi networks where the password is readily on display (for example, in a cafe or at a hotel). You can disable your auto-connect as well, so that you don’t automatically connect to open networks.
Avoiding public WiFi altogether is pretty well impossible though, especially if you’re working while on the road. If you have no other choice but to use such a network, consider strengthening the security of your device by using a VPN.
7. Monitor Your Accounts
On the topic of password protection, it’s also wise to change your passwords regularly and check whether your credentials have been leaked. For example, if you use Google Chrome, you can go to your Password Manager > Privacy and Security and check for data breaches and security issues. I do this regularly (once a month or so). It’s super simple.
Or, you can use a handy piece of software like Bitdefender Digital Identity Protection that will scan the web for personal data leaks and continuously monitor if your accounts are exposed. Having a dependable identify protection service goes a long way in giving you peace of mind.
8. Use Only HTTPS Websites
We’ve now officially moved into the more boring, technical parts of online security, but stay with me.
HTTP was the standard for years, but nowadays most websites use HTTPS to protect visitors from privacy violations. Like a VPN, HTTPS also relies on encryption to prevent attackers from intercepting data that’s being shared between a website and its visitors.
This includes messages, emails, transfers, banking information, credit card details and login credentials. The whole idea is that hackers won’t be able to decipher data between you and a website if HTTPS is being used.
Modern web browsers, such as Google Chrome, display HTTPS websites differently than HTTP ones. You can check if the website you’re visiting uses HTTPS by taking a quick look at the address bar. HTTP websites are flagged as Not secure, whereas HTTPS websites display a padlock icon next to the URL on the left.
Keep in mind that VPN and HTTPS are two very different things: HTTPS only encrypts browser traffic, but a VPN offers you system-wide protection covering all Internet-enabled apps (like your browser, email, SMS, etc). The best thing you can do to keep your privacy safe is to double up by using a VPN and also only connecting to HTTPS websites (wherever possible).
***
Although each tip I’ve provided here is very effective on its own, I recommend following them all (or as many as you can) to ensure that your online privacy is safe.
The bottom line is that hackers and cyber-attackers are getting smarter. When you stay on top of protecting your privacy, you’ll be able to avoid identity theft and a whole slew of other problems. Pay attention to where you’re putting your personal information, and you’ll do just fine!