Hotel Wi-Fi Networks Installing Malware

APCUG's picture

If you are traveling this year, there is a new hacking scheme that you should be aware of. The Federal Bureau of Investigation is warning travelers to watch out for malware that comes through hotel Internet connections.

Here’s how it works. When you get to the hotel and connect to the Internet through their wireless or wired Internet connection, you get a pop-up notifying you that you must update your Java in order to have the connection work. When you give your approval, malware is installed on your computer giving the hackers access to your personal information. The malware also serves third-party advertisements to infected computers.

Bloomberg has recently reported that Chinese hackers have stolen private data from as many as 760 firms by hacking into the iBahn, a broadband and entertainment service that offered to guests of hotel chains such as Marriott International Inc.

The advice offered by the FBI’s Internet Crime Complaint Center (ISC3) includes:

  • Carry out all software updates before traveling.
  • Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor.
  • Download software updates direct from the vendor’s website.

I recommend skipping any software updates that you are offered when traveling and using an encrypted connection for handling email when you are on the road. The way to do this depends on how you access your email when you travel.

Gmail is secure since it is encrypted. Other email, however, may not be encrypted. For instance, Time Warner’s Road Runner Web Mail that you can use when you travel encrypts your user name and password, but not your email itself. Other services may be different. You will want to investigate the service you are using. If you are not sure if your email is encrypted, you can use a free service called Mail2Web at www.mail2web.com. To use it you simply click on “Secure Login” then put in your email address and password. (Make sure you don’t just click “Check Mail” which gives you an unencrypted connection.)

If you are not traveling, you still need to keep your guard up. I recently received a very real-looking email that was supposed to be from Order-update@amazon.com. Since I often make purchases at Amazon, this piqued my interest. The email said that my Amazon order had been successfully canceled and gave a link to the order in question as well as to Amazon’s website. I didn’t want any orders cancelled, so I read the entire email. Then I hovered my mouse over the two links that supposedly went to Amazon and found that they went to some other website. (This is a great way to check the links in an email. Just remember that you only put your mouse over the link rather than actually clicking on it).

Remember that if you come across these or any other suspected hacking or phishing schemes, you can report them to the FBI’s Internet Crime Complaint Center (ISC3) at www.ic3.gov. This website also has great information and alerts for the latest scams.

You will be amazed by the sheer number of crime schemes that are floating around the Internet. There is everything from Ponzi and Pyramid schemes to Internet Extortion. So check out this website. Just as in real life, you have to be aware of the pitfalls to keep yourself safe. It’s always good to follow the advice given by Sergeant Phil Esterhaus in Hill Street Blues. “Let’s be careful out there.”

By Sandy Berger, CompuKISS

www.compukiss.com

sandy (at) compukiss.com