On May 5, the Internet Crime Complaint Center (IC3) issued a warning to people traveling abroad to beware of malware. The IC3’s release stated, “Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while establishing an Internet connection in their hotel rooms.”
This malware scam currently only applies to those traveling abroad, but the tips provided are good advise for anyone using any network away from home.
How the malware scam works
So how does this scam work? The bad guys know us well. For instance, they know that the first thing a traveler will do in a hotel is to look for an Internet connection. They also know that we, as computer users, have become accustomed to frequent software updates for certain products. In addition to that, most computer users almost automatically accept those software updates without a second thought. And therein lies our weakness.
While the hotel’s connection can be trusted, it’s the popup window that appears prior to or during the connection setup that is the problem. The popup advises the user that there is a software update. When the user clicks on the button or link to accept the update, the malware is installed.
How to protect yourself from the malware scam
In the IC3 release the FBI recommended that those traveling abroad “take extra caution before updating software products on their hotel Internet connection.” They also suggested that users update their software before leaving home and that they check the digital certificate for the update. Those suggestions, however, assume that the traveler would take the time to update software and know how to check a digital certificate. Let’s get practical.
1) Unless you’re traveling abroad for an extended period of time, there’s no reason to update software while on the road. So, just don’t accept the software update. You’ll be able to “catch up” when you get home.
2) If you must update the software, go to the software vendor’s website and download the update.
Report the malware attack
If you believe that you’ve been targeted with a malware scam, contact your local FBI office or report the incident at www.IC3.gov.