This year, Spring Break vacationers are packing more than their flip-flops, bucket hats, and sunglassesâtheyâre also packing a few cybersecurity anxieties for the trip.
According to new research from Malwarebytes, 52% of people said they âworry about being scammed while traveling,â while another 40% admitted that they âworry about my kids or family sharing trip details online.â While most people said they will act on these concernsâ63% will make sure their security software is up to date, 53% will back up their dataâroughly 10% of people said they will take no precautions whatsoever into protecting their security or privacy while on vacation.
The findings reveal that the public approaches cybersecurity as a patchwork quilt, implementing some best practices while forgoing others, and engaging in a few behaviors that carry significant risk online.
For this research, Malwarebytes conducted a pulse survey of its customers in March via the Alchemer Survey Platform.
Broadly, Malwarebytes found that:
- 52% of people âagreedâ or âstrongly agreedâ that they âworry about being scammed while traveling.â
- 20% of people âagreedâ or âstrongly agreedâ that they âdonât really think about protecting my data while traveling.â
- 38% of people said they will book their next travel opportunity through a âgeneral search,â which could leave them vulnerable to malvertising.
- Apps are a way of life, as 66% of people said they use between one and six apps specifically for travel (such as hotel apps, airline apps, and translation apps). A particularly plugged-in 8% of people said they manage more than seven apps for the same purposes.
- To stay cybersecure and private on vacation, the majority of people will backup their data (53%), ensure their security software is up to date (63%), and set up credit card transaction alerts (56%), but 10% will take none of theseâor otherâsteps.
- 53% of people refuse to take a single laptop with them on vacation, whereas just 1% leave even their smartphone behindâtalk about a holiday.
Risky business break
The cybersecurity risks around personal vacations are unlike those around the holidays for major organizations and businesses, in which cybercriminals know that low staffing will leave companies more vulnerable to an attack or breach.
Instead, far-flung Spring Breakers can engage in a series of behaviors both before and during their holidays that leave them open to online scams and theft.
Take, for example, the 38% of people who told Malwarebytes that they would conduct a âgeneral search onlineâ in booking their next vacation. While Google searches are probably one of the most common tasks for any vacation planning, the results that people see can be manipulated through a type of cybercrime called malvertising, short for “malicious advertising.âÂ
In malvertising, cybercriminals will create a fake website that looks like a popular service, like Facebook, Slack, or eBay. Cybercriminals will also pay a small sum so that these fake websites show up near the top of Googleâs sponsored results for relevant searches. Once users click on the websites, which appear legitimate, theyâre tricked into downloading malware or handing over sensitive information to scammers.
A safer option for vacationers is to book travel directly with an airline or hotel chain. Many participants wrote this approach into the Malwarebytes survey when selecting the “Other” option (14%). Interestingly, the 29% of respondents who said they use a travel agent for booking likely also receive some extra safeguards, simply because another, experienced, person is involved in the process.
But in the same way that cybercriminals have begun abusing Google search results to send victims to dangerous websites, theyâve also done the same to trick users into downloading fake versions of popular apps.
Android âphishingâ apps are a serious threat to users todayâMalwarebytes detected 22,800 of them last year aloneâand, as we wrote before, they represent the next step in camouflaged cyber-scamming:
âBy disguising themselves as legitimate appsâincluding for services like TikTok, Spotify, and WhatsAppâAndroid phishing apps can trick victims into typing in their real usernames and passwords on bogus login screens that are controlled entirely by cybercriminals.”
The threat here endures long after the app is installed. If enough victims unwittingly send their passwords, cyber thieves could bundle the login credentials for sale on the dark web. Once the passwords are sold, the new, malicious owners will attempt to use individual passwords for a variety of common online accountsâtesting whether, say, an email account password is the same one used for a victimâs online banking system, their mortgage payment platform, or their Social Security portal.
This wouldnât be too much a problem if modern traveling didnât involve so many apps.
According to our survey, 44% of people manage between two to four apps specifically for travel purposes, and 9% manage between five and six apps. And while 20% of people use zero apps for travel and 14% use just one app, there are 8% of people who rely on more than seven apps strictly for travel purposes.
That could include airlines apps, hotel apps, translation apps, and more. But as more apps help with traveling needs, more opportunities arise for those apps to be falsely emulated and maliciously advertised online.
As for what people do while physically on vacation, many engaged in online behaviors that could prove risky, but they can hardly be criticized for it.
For example, 25% of people said they scan QR codes while on vacation. These codes could lead people to malicious websites, but QR codes have become normalized at restaurants that no longer have physical menus. And 33% of people âlog into financial institution sites or apps to manage [their] budget, check purchases, etc.â This type of activity was susceptible to online eavesdropping many years ago, but everyday internet connections have become far more secure in the past decade. That said, it’s inspiring to see that 41% of people “download or install a VPN” to provide an extra level of security when browsing on public Wi-Fi.
Safe travels
Cybersecurity is probably the last thing people want to âpackâ before going away on a break, but, thankfully, itâs something that a majority of people said they do.
For instance, 63% said they âcheck that [their] security software is up to date,â while 53% said they âbackup [their] data.â Similarly, 56% said they âset up credit card transaction alerts.â And while it isnât quite a majority, 47% said they turn on âFind my Deviceâ features which can help in case of a lost or stolen device. Interestingly, people do not commit to the same precautions for their bagsâjust 21% of survey participants said they âput a tracker in [their] luggage.â
Still, thereâs progress to be made.
Not only did 10% of survey participants share that they take zero cybersecurity or data privacy precautions before traveling, but 20% also agreed or strongly agreed with the statement âI donât really think about protecting my data while traveling.â
For safety abroad, here are a few tips travelers can take before and during their next vacation:
- Backup your data before you head out. Losing a device or having it stolen while on vacation wonât just ruin the trip itselfâit will return the return journey, too. Backing up your data will help ensure that any lost device doesnât lead to lost files.
- Turn on âFind Myâ features. To respond to a lost or stolen device, turn on the âFind Myâ features on iPhones and Androids before your vacation so you can track a deviceâs location in real time.
- Protect your devices with antivirus and cybersecurity tools. Modern cybersecurity tools donât just stop viruses from landing on your devices, they also warn you about dangerous websites and links that could steal your info.
- Update your software. Ensure that your devices are running on the latest versions of their operating systems. This helps prevent any known weaknesses from being exploited by cybercriminals.
- Use a password manager and 2FA. Your most sensitive accounts shouldnât just have a unique password. They should also be protected by two-factor authentication, which requires more than a password for anyone to login.
- Consider a VPN. If you are doing something sensitive online, it never hurts to use a VPN. Bonus: If you’re travelling to another country where your favourite streaming shows aren’t available, a VPN can help here too.
We donât just report on threatsâwe remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.




