OPINION: Airport USB ports can be vulnerable to cyber scams

It’s a routine experience for travelers: looking for a convenient place to charge up your phone.

But a recent warning contains cautions about doing so at airport USB ports. “Hackers can install malware at USB ports (we’ve been told that’s called ‘juice/port jacking’),” the Transportation Security Administration warns. Juice jacking is a cyber attack in which charging stations not only transfer malware but also steal personal information from a connected device.

The agency suggests using a TSA-compliant battery pack to charge up rather than relying on airport USB ports.

Signs that a device has been compromised: It uses up more battery space than usual, it operates more slowly, it takes longer to load and it crashes frequently.

The TSA warning went a step farther and recommended staying away from free airport WiFi to avoid security concerns.

“Don’t use free public WiFi, especially if you’re planning to make any online purchases,” TSA says. “Do not ever enter any sensitive info while using unsecure WiFi.”

However, if you must use a public network, there are ways to minimize the risks. Most websites do use encryption to protect information, but be certain by looking for a lock symbol or “https” in the address bar, the Federal Trade Commission advises.

You can do this in a mobile browser as well, although it is sometimes hard to verify encryption. Be aware that scammers create fake websites that they encrypt to make you think the site is safe. “If you visit a scammer’s website, your data may be encrypted on its way to the site, but it won’t be safe from scammers operating the site,” the FTC says.

Scammed twice

If you’ve been a victim of a cryptocurrency — or any other kind of scam — the pain can be compounded by a scoundrel who wants to “help” recover the stolen funds. This is continuing to happen, with bogus law firms using social media or other messaging platforms to contact scam victims and offer their services, the FBI says.

The fraudsters claim authorization to investigate fund recovery cases and say they are working with the FBI or other government agencies on cryptocurrency cases. In some cases, victims have taken the bait through fake websites that appear legitimate, the FBI says.

Among other tactics are asking for personal details or banking information that they say will help recover the stolen money. They might ask for initial fees up front or refer to actual financial institutions or money exchanges.

In an updated advisory this month, the FBI cautioned about scammers making a reference to the “International Financial Trading Commission” (there is no such thing) — or say that the victim’s money is in a foreign bank, so the victim must register an account there.

Here’s what to do, according to the FBI:

• Be cautious of law firms that contact you unexpectedly “especially if you have not reported the crime to any law enforcement or civil protection agencies.”
• Ask for video verification, documentation or a photo of their law license. For someone claiming to work for the federal government or law enforcement, contact that agency to verify identity.
• Require notarized proofs of identity from purported lawyers before continuing any further interaction.