June 2025
June is Internet Safety Month and it also marks the travel and vacation season for a lot of folks – school is out, the weather is warm and it is the perfect time to unwind. While we are planning our vacation, don’t forget to stay cyber-aware since traveling can expose us to new security risks especially when using public Wi-Fi (unsecured connectivity), posting on social media (public awareness), or bringing along multiple connected devices (increased attack surface). See what I did there? I gave these everyday actions cyber labels to help keep us cyber-aware. Cybersecurity is everyone’s responsibility, even while on vacation! This month’s tips are all about helping us to enjoy the well-earned break without giving hackers a free trip through our data and our wallet. Let’s keep it sunny and secure. 🌞💻 We’ll be going over the latest scams targeting travelers, smart ways to lock down devices on the go, track devices and what never to do with a laptop, storage or mobile phone.
Latest Scams Targeting Travelers
- Urgent trip cancellation phishing emails of spoofed airlines or travel services.
The e-mail will typically look like an official e-mail: it can contain a fake/spoofed airline logo, sometimes express a sense of urgency, and might also contain numbers to a call center. Calling one of these numbers provides the scammers with your phone number, which can be easily looked up online. Giving the fake call center further information regarding your flight can allow them to find your itinerary, cancel your flight, or even rebook your flight for someone else. Some airlines and travel agencies also allow folks to find their itinerary by phone number using their app or website. Never call numbers from unexpected emails! Always go directly to the vendor’s website or app to verify if there is a concern.
- E-mails and SMS Text message notifying folks of a missed tollway payment.
Traveling by car on vacation? I-Pass and E-ZPass are both electronic toll collection systems that allow drivers to pass through toll booths without stopping to pay. There have been numerous I-Pass and E-ZPass text messages claiming that the card on file has expired.
Be vigilant: these messages are fake! Never click on a link from an SMS text message unless you are 1000% sure it is legitimate. Always go directly to the vendor’s website or app to verify if there is a concern.
Update Computer System and Software
Software updates often include critical security patches that close vulnerabilities hackers could exploit, especially when we're outside our usual trusted work environment. Failing to update before traveling can leave our devices more exposed to threats, especially if we're connecting to unfamiliar networks. Doing a quick check for any updates helps to get ahead of any flaws and vulnerabilities.
Updates should include:
- The operating system
- Web browsers
- Productivity tools
- Security applications like endpoint protection
Ensure that after updates are completed a reboot or application restart is done. Without a reboot/restart updates may not apply.
In general:
Manage Wireless Connection Services
Turn off Wireless, Bluetooth, and NFC connectivity when not in use, especially in public areas. Wi-Fi is inherently insecure, and leaving these features on can make your device vulnerable to unauthorized access or tracking. Disable any setting that automatically connects to available Wi-Fi networks, and avoid allowing your device to remember public or unknown networks.
Public Wi-Fi at airports, hotels, and cafes may be convenient, but it’s often poorly secured. Cybercriminals can easily intercept unencrypted traffic or set up fake networks to steal information. If you absolutely must use public Wi-Fi, always connect through a VPN (Virtual Private Network) to encrypt your internet traffic and protect sensitive data as it travels between your device and your intended destination.
- Some carriers allow us to use our phones as a hotspot (sometimes with a data cost), which turns the phone into a Wi-Fi router that can provide internet access to other devices.
Enable Find my Device
Don’t Leave Your Device or Storage Media Unattended
Traveling with devices requires extra caution, especially when handling sensitive or work-related information. Leaving laptops, tablets, or phones unattended, even briefly in hotel rooms, airport lounges, rental cars, or conference areas poses a significant security risk. Devices can be lost, stolen, or tampered with, potentially exposing confidential data. To reduce this risk, always keep your devices with you or in a securely locked location, such as an anti-theft security bag (hotel safes are not secure).
As simple as this is to remember to keep our devices with us… we hear reports about this often at the BSD Information Security Office. Here are some statistics to help keep you informed...
We hope these insights help! If you have any topics you would like us to write about in our newsletter, please feel free to drop us a line and let us know by e-mailing security@bsd.uchicago.edu