Most people, when they want to go on vacation, use the internet to find hotels, compare prices, make reservations. Many times, they need to fill in some personal data online.
However, some incidents have been reported in recent years violation customer data of large companies and hotels (eg Expedia, British Airways, booking.com, Marriott).
Chris Morales, Head of the company Vectra security, said that once hackers target a business, it's a matter of time to make a successful attack.
Hackers now use sophisticated methods. With careful steps and effort, they do not have difficulty attacking companies. The point is, to enable the business to quickly realize that it has been hacked and acted promptly.
What you should know when making a reservation online;
As Mr Morales said, the hackers usually violate hotel or business sites and thus violate customer data. This also happened with Expedia.
Hackers install a malicious one software to the site, which allows them to steal information as people click and make purchases.
They can still access other systems and extract other information. In the case of Expedia, crooks had access to hotels, car rental companies and much more.
Fraudsters are constantly on the lookout. Once they detect a vulnerability in a site, they exploit it.
The goal, in these businesses, is usually customer data. How they use the data they steal depends to a large extent on the type of data. For example, if they steal credit card details, they will rush to sell them on the black market (Dark web), because they have to get rid of them before the cardholders get it and block the cards.
However, some people use data they get for other purposes, such as tracking specific people. This was in the case of Marriott. The goal of the violation was to monitor some policies.
"This is what we would call government espionage," Mr Morales said.
There have also been reports of theft of air tickets, miles or loyalty points sold by hackers to make a profit.
They can protect their data when making reservations online;
In the digital age we live, it is difficult to have complete security. Hackers are constantly evolving their methods, so people are at risk when they import personal data into the Internet and make online payments.
However, there are some things that customers can do.
- Although credit cards are safer than debit cards, it is a good idea to avoid using them credit). It is preferable to use applications, such as PayPal, wherever possible.
- All people must be on alert, seeing some suspicious activity. There should be a regular check on the bank account, so if something strange happens, block the card in time.
- Regularly change Internet passwords and receive a new credit card every year. The latter helps because if a company is broken, it will have the old data and not the new one (since it will be attacked by a company you have used in previous years).
- Avoid using public Wi-Fi to use apps that include personal or financial data.
- Attention to ATM credit card skimmers (devices on cash machines that get the card details).
- Avoid a random ATM on the way to withdraw money (the bank is more reliable).
- Avoiding social media publications about holidays. Avoid disclosing the site for security reasons. If a fraudster knows the absence of someone, he can take advantage of it to get into his house and steal him.
What should people do if they realize that their data has been violated?
What needs to be done depends also on the type of information that has been stolen. If we are talking about a bank or bank card violation, then we need to contact the bank immediately.
Also, passwords must be changed as soon as odd behavior is observed and two-factor authentication is used wherever possible. It is good to choose sites that ask for more information than password to allow connection or purchase.
However, holiday booking sites do not do this, because more emphasis is placed on convenience than on safety.
Travel companies and hotels should take the issue of security more seriously. Otherwise, we will continue to see many attacks and customer data violations.