You know malware is dangerous when the US Secret Service gets involved.
The US Secret Service has two primary jobs: protect the president and protect the nation’s currency.
Somehow, revealing malware also falls under those goals. The Secret Service recently issued a “non-public advisory” warning of infected hotel computers and keyloggers.
Specifically, the Secret Service is reporting that keylogging software is becoming more and more common at major hotel business centers. The news comes after authorities arrested several suspects for infecting business center computers in the Dallas area.
Crooks were reportedly using stolen credit cards to register as hotel guests and use business center computers. They would then use Gmail to download keylogging software onto the computers.
This keylogging software was used to capture login credentials for banks and other online services. Any guest who used the infected computer would have their accounts compromised.
Why you shouldn’t use hotel business centers
One of the most important laws of PC security works like this:
“If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.”
That law comes from Microsoft’s TechNet blog and it rings true around the world. Even a moderately skilled hacker can successfully infect a PC when given physical access – even if that PC is locked down, secured, and protected by an internal network.
Hackers have clearly started to target business centers. In a business center, hackers have physical access to a PC. Even if that business center is supervised or within sight of hotel staff, there’s no guarantee of protection.
Some of the information stolen from hotel business center computers includes:
-Bank login credentials
-Retirement and personal webmail accounts
-Other sensitive personal data
Once a keylogger or tracker is installed on a computer, that program can monitor everything that occurs on the PC – from Facebook to Twitter to banking information.
Okay, but what if I really have to use a hotel business center?
Obviously, there are some situations where you may not be able to avoid using a hotel business center.
Let’s say you need to immediately print something out for a conference or event. What should you do?
Security experts recommend creating a “throwaway” email account using a unique password that has no connection to any of your other accounts. Simply use that email account in the business center and never use it again.
If you need to create a quick email account, I recommend using 10 Minute Mail, which works exactly like it sounds.
Or, you could just bring your laptop or smartphone to hotels and use that to handle your computing needs.
Ultimately, the most important PC security tip to get out of this is this: treat every hotel computer like it’s infected. If you do that, and take proper precautions, you’re far less likely to become a victim of fraud or identity theft.