Hackers love “your” holidays!

There is something in common between our work-time and our holidays: we are constantly connected!

In the standard office routine, we get to our desk, turn on our laptop, and start using the tools that we need without paying much attention to the operations that can help us navigate safely. We essentially rely on our company’s network as being a safe place to navigate, and the sense of security is intrinsic: Firewalls, protocols, web filters, ad-blockers are things that we don’t really need to care about. 

With the rise of smart working, the change of our habits (refer to our article here), and the increasing number of worldwide cyber-attacks (check out current cyber-attacks in real-time here) suggest that this is something we should pay attention to. 

We have collected some tips ’n tricks and best practices that are well-worth considering, especially during holiday get-aways (even if you plan to work remotely from a serene white Caribbean beach in August). 

  1. Avoid public WI-FI’s. Small shops, bars, local restaurants, service areas… Most of the time, these networks are built by non-professionals, so there are no hacker-proof practices applied, nor any security protocols used for cryptography algorithms that have been implemented. This implies a low security environment, public data transits that can easily be intercepted, or even high probability of “sniffing”. There is therefore a very high risk that the information you are accessing or sharing on such public Wi-Fi’s can be pirated used  used maliciously.
  1. Public WI-FI’s are the only chance? Be sure they are real. If you decide to sit down at a Starbucks and you search for available wi-fi, you’ll probably see something like “Google Starbucks” (the official one). Hackers have been known  to go to such places (as Starbucks) and set up fake hotspots (a cheap device is enough, like a RaspberryPi) naming it, for instance, as “Starbucks Wi-Fi”, with no password needed. If you join it, they’ve probably set up a custom DNS with fake social media home pages. So, you go to facebook.com (or you’re supposed to), type your user ID and password, hit Enter…but nothing happens. It’s not very likely that you’ll ever notice that the page you were directed to was a clone that collects your data and stores it somewhere to be “reused” (ransom requests, account blocking, identity theft). Some more friendly advice:  If you really need to use these public networks, make sure it’s not for any e-commerce! Hackers are just sitting and waiting for you to fill online forms with your payment details!
  1. Use your mobile phone as a personal hotspot for other devices. Use it to browse the web. Set up a strong password to make sure that no one will be able to join it and use your 4G/5G to enjoy the navigation. It’s easy to set up, secure, and fast!
  1. Use a VPN. If you have a subscription to a VPN provider, don’t forget to switch the VPN on, and make sure that you’re using it to navigate. A VPN is a great tool to avoid most of the issues related to IP spoofing, DNS rerouting and other dangerous attacks. In the last 5 years, VPN providers have lowered their subscription plan, so you can buy a good one for a couple of dollars per month!
  1. Big Brother is watching you. One of the most common attempts to breech our security, is by stealing data by simply reading it. Make sure that when you type a password, or insert your credit card number, that no one is watching your screen or your keyboard. Apply the same precautions as when you withdraw cash from an ATM in a busy city-centre.
  1. Pay attention to QR Codes. Since the pandemic, it’s become quite common for bars and restaurants to leave a QR code on patron tables, for customers to access their menus via their personal smart phone, rather than handling a physical menu. Some clever hackers have been known to swap out the legit QR codes for their own, thus redirecting patrons to their own malicious websites. Simply make sure that the QR is trusted by checking with restaurant staff.
  1. Social engineering. When we share our information on social media, we should bear in mind that “Once on the internet, forever on the internet”, aka “digital permanence”. A nice picture on Instagram with a cool caption like “Ciao from beautiful Capri! Can’t wait to enjoy this week with my pals” is Gold for social hackers. In a nutshell, sharing location, timelines, and the people with who we are is the perfect set up to be “phished”.  You can expect some malicious emails to reach you, along the lines of  “Hi dear, come and join our boat tour of the island!  Just sign-up here…”. You’ll click on it, login with your Facebook account, and before you know it, you’ll have revealed some sensitive personal data to hackers…   It doesn’t just end there however:   Months later, even after you may have removed your Instagram post, some hackers could still be out there to phish for some of your details.  You’d never suspect anything if you were to receive messages asking you things along the lines of “review your stay” – long forgetting that it was your post that revealed where you were staying in the first place.
  1. Always lock your devices in shared areas. Smartphone, Mac Book, PC, tablet, camera, Kindle. Don’t forget to set a passcode and block the device whenever you leave it, even if it’s just for a few seconds.
  1. Don’t accept files or media via AirDrop (or similar). Last Easter break I was travelling by train and I decided to send a “Happy Easter” picture via AirDrop. I found 13 devices and sent the picture to all of them. Just a couple of seconds, then I heard some people laughing and saw them smiling. They accepted the media without knowing who I am or what’s inside the file. I need not say more 😉

  1. Set up a double factor authentication when possible (MFA). This is a practice that we should embed in our minds at all times, not just for the summer period. When we’re kicking back and enjoying our summer vacation, we may pay much attention to emails like “Someone in Chicago has logged into your Gmail account. If this activity was performed by you, then please ignore this email”. And maybe it’s too late. Since a lot of websites, social media, e-commerce sites, and providers offer MFA, it’s in our best interest to make use of it, so we can login to our preferred service using an OTP (a notification on our smartphone or a verification code sent via email).  It’s always a good idea. 

Bonus hint: Don’t share User ID, passwords or other personal information via Whatsapp, Telegram or other IM tools. This isn’t about how secure these Apps are (  we know that their crypto-algorithms are really quite strong) but it’s more about the fact these very Apps have now become multi-platform, and this means that if you’re typing something on your smartphone and that you also have an open session on your PC, then it’s sufficient to have access to one of them to see everything is going on the other one. 

Cybersecurity is a very vast topic, and it can get complicated if you choose to deep dive into it. There are however some basic simple habits and behaviours that can help us avoid walking into traps set out by hackers. “Data is the new gold” and hackers are constantly scanning the digital world to find those little open doors. We can use some precautions to discourage them and make their work harder.  

We hope that you’ve enjoyed a safe and hack-free summer!  Stay tuned as we embark on our next series to discuss the red-hot topic of Cybersecurity.

There is something in common between our work-time and our holidays: we are constantly connected!

In the standard office routine, we get to our desk, turn on our laptop, and start using the tools that we need without paying much attention to the operations that can help us navigate safely. We essentially rely on our company’s network as being a safe place to navigate, and the sense of security is intrinsic: Firewalls, protocols, web filters, ad-blockers are things that we don’t really need to care about. 

With the rise of smart working, the change of our habits (refer to our article here), and the increasing number of worldwide cyber-attacks (check out current cyber-attacks in real-time here) suggest that this is something we should pay attention to. 

We have collected some tips ’n tricks and best practices that are well-worth considering, especially during holiday get-aways (even if you plan to work remotely from a serene white Caribbean beach in August). 

  1. Avoid public WI-FI’s. Small shops, bars, local restaurants, service areas… Most of the time, these networks are built by non-professionals, so there are no hacker-proof practices applied, nor any security protocols used for cryptography algorithms that have been implemented. This implies a low security environment, public data transits that can easily be intercepted, or even high probability of “sniffing”. There is therefore a very high risk that the information you are accessing or sharing on such public Wi-Fi’s can be pirated used  used maliciously.
  1. Public WI-FI’s are the only chance? Be sure they are real. If you decide to sit down at a Starbucks and you search for available wi-fi, you’ll probably see something like “Google Starbucks” (the official one). Hackers have been known  to go to such places (as Starbucks) and set up fake hotspots (a cheap device is enough, like a RaspberryPi) naming it, for instance, as “Starbucks Wi-Fi”, with no password needed. If you join it, they’ve probably set up a custom DNS with fake social media home pages. So, you go to facebook.com (or you’re supposed to), type your user ID and password, hit Enter…but nothing happens. It’s not very likely that you’ll ever notice that the page you were directed to was a clone that collects your data and stores it somewhere to be “reused” (ransom requests, account blocking, identity theft). Some more friendly advice:  If you really need to use these public networks, make sure it’s not for any e-commerce! Hackers are just sitting and waiting for you to fill online forms with your payment details!
  1. Use your mobile phone as a personal hotspot for other devices. Use it to browse the web. Set up a strong password to make sure that no one will be able to join it and use your 4G/5G to enjoy the navigation. It’s easy to set up, secure, and fast!
  1. Use a VPN. If you have a subscription to a VPN provider, don’t forget to switch the VPN on, and make sure that you’re using it to navigate. A VPN is a great tool to avoid most of the issues related to IP spoofing, DNS rerouting and other dangerous attacks. In the last 5 years, VPN providers have lowered their subscription plan, so you can buy a good one for a couple of dollars per month!
  1. Big Brother is watching you. One of the most common attempts to breech our security, is by stealing data by simply reading it. Make sure that when you type a password, or insert your credit card number, that no one is watching your screen or your keyboard. Apply the same precautions as when you withdraw cash from an ATM in a busy city-centre.
  1. Pay attention to QR Codes. Since the pandemic, it’s become quite common for bars and restaurants to leave a QR code on patron tables, for customers to access their menus via their personal smart phone, rather than handling a physical menu. Some clever hackers have been known to swap out the legit QR codes for their own, thus redirecting patrons to their own malicious websites. Simply make sure that the QR is trusted by checking with restaurant staff.
  1. Social engineering. When we share our information on social media, we should bear in mind that “Once on the internet, forever on the internet”, aka “digital permanence”. A nice picture on Instagram with a cool caption like “Ciao from beautiful Capri! Can’t wait to enjoy this week with my pals” is Gold for social hackers. In a nutshell, sharing location, timelines, and the people with who we are is the perfect set up to be “phished”.  You can expect some malicious emails to reach you, along the lines of  “Hi dear, come and join our boat tour of the island!  Just sign-up here…”. You’ll click on it, login with your Facebook account, and before you know it, you’ll have revealed some sensitive personal data to hackers…   It doesn’t just end there however:   Months later, even after you may have removed your Instagram post, some hackers could still be out there to phish for some of your details.  You’d never suspect anything if you were to receive messages asking you things along the lines of “review your stay” – long forgetting that it was your post that revealed where you were staying in the first place.
  1. Always lock your devices in shared areas. Smartphone, Mac Book, PC, tablet, camera, Kindle. Don’t forget to set a passcode and block the device whenever you leave it, even if it’s just for a few seconds.
  1. Don’t accept files or media via AirDrop (or similar). Last Easter break I was travelling by train and I decided to send a “Happy Easter” picture via AirDrop. I found 13 devices and sent the picture to all of them. Just a couple of seconds, then I heard some people laughing and saw them smiling. They accepted the media without knowing who I am or what’s inside the file. I need not say more 😉

  1. Set up a double factor authentication when possible (MFA). This is a practice that we should embed in our minds at all times, not just for the summer period. When we’re kicking back and enjoying our summer vacation, we may pay much attention to emails like “Someone in Chicago has logged into your Gmail account. If this activity was performed by you, then please ignore this email”. And maybe it’s too late. Since a lot of websites, social media, e-commerce sites, and providers offer MFA, it’s in our best interest to make use of it, so we can login to our preferred service using an OTP (a notification on our smartphone or a verification code sent via email).  It’s always a good idea. 

Bonus hint: Don’t share User ID, passwords or other personal information via Whatsapp, Telegram or other IM tools. This isn’t about how secure these Apps are (  we know that their crypto-algorithms are really quite strong) but it’s more about the fact these very Apps have now become multi-platform, and this means that if you’re typing something on your smartphone and that you also have an open session on your PC, then it’s sufficient to have access to one of them to see everything is going on the other one. 

Cybersecurity is a very vast topic, and it can get complicated if you choose to deep dive into it. There are however some basic simple habits and behaviours that can help us avoid walking into traps set out by hackers. “Data is the new gold” and hackers are constantly scanning the digital world to find those little open doors. We can use some precautions to discourage them and make their work harder.  

We hope that you’ve enjoyed a safe and hack-free summer!  Stay tuned as we embark on our next series to discuss the red-hot topic of Cybersecurity.