# The Most Dangerous Cyber Threats Targeting Travelers Right Now ft. Dr. Byrd x Aniket | Ep 7 ## Метаданные - **Канал:** Great Learning - **YouTube:** https://www.youtube.com/watch?v=8FDQ5-9kLcs - **Дата:** 08.05.2026 - **Длительность:** 23:59 - **Просмотры:** 377 - **Источник:** https://ekstraktznaniy.ru/video/51755 ## Описание Traveling makes digital devices highly vulnerable to new cyber threats. Discover how to protect sensitive data from hidden attacks. This comprehensive breakdown explores the rising cybersecurity risks targeting mobile devices on the go. From SIM swapping and malicious applications to public Wi-Fi dangers and juice jacking, these modern threats can compromise sensitive information in seconds. Understanding how cybercriminals exploit convenience features is the first step in building a robust digital defense against data theft. This guide is designed for professionals, frequent flyers, and everyday technology users wanting to secure their personal information. It provides actionable strategies to prevent identity theft, financial loss, and unauthorized access caused by social engineering and sophisticated AI-driven scams. The discussion covers the mechanics of QR code phishing, the reality of AI voice cloning deepfakes, and the critical importance of turning off auto-connect features ## Транскрипт ### Intro [] Hello and welcome to yet another episode where Dr. Bird and I are going to discuss about cyber security. My name is Aniket Amraker. I'm one of the hosts for this podcast and with me I've got Dr. Bird who is also going to share with us his nuggets of wisdom on how to stay secure. Dr. Bird, welcome to the podcast. — Hey, thanks Anaket. Thank you everyone ### SIM Swapping and Malicious Apps [0:37] for joining us. This is uh again one of the uh kind of timely topics that we are covering common security threats while we're traveling, common security threats on our mobile devices. Uh with the advancement of technology, you know, everybody has a smartphone and a tablet. We use it to, you know, communicate with our friends, our family. It connects us to our social media platforms. We use it for browsing the internet and even our streaming services. So, security and privacy controls are of the utmost importance. — They go hand in hand as they say. — Yes, they do. — Great. — And some of our previous discussions, we were talking about uh some of the things that people can do to stay safe. One of the challenges was uh around particularly travel. We talked about SIM swapping, QR code, juice jacking, and malicious apps. Any thoughts about that, Anakin? Yeah. Uh SIM swapping, that's a dangerous one. That's where my SIM card which is associated with my phone number and now some hacker can talk to the telephone company and convince them that from now on this mobile number will be routed to a different SIM card, a new SIM card. So, somebody is literally stealing my SIM card and God knows what they're going to do with that. — Exactly. That's uh really unique to our device. When that happens, it allows them to receive the uh multifactor authentication codes to get access to our — accounts and things of that nature. That ties into uh the malicious app conversation as well, which is actually the foundation of social engineering, right? — So, we've talked in some of our previous discussions around social engineering, the act of uh getting users targets to take these unsafe actions, right? whether it's clicking on links, — uh clicking on or opening and engaging with text messages, right? All of those types of things. And malicious apps can be a part of that. Uh an additional control is to encourage people to download apps only from the official app store, right? To ensure that you have those additional controls in place, whether that be Apple store or Google Android store or what have you. ### The Dangers of Third-Party App Stores [2:58] — That's right. I one in fact my father-in-law he fell victim to this about a year ago where he was trying to contact an airline company when he called in or when he tried to visit the website he got to um a malicious phone number and the hacker was talking to him on the phone hacker said hey I have an app and that app will help you to get your refund very quickly so he sent an app link to my father-in-law who he clicked on the link he downloaded an application not from the play store but from a third party website and that application was malicious. It took control of his phone recorded the keystrokes and within a span of 15 minutes he started to see financial transactions from his account. Money was just leaking. So downloading any app not from the direct app store is a big risk and everybody should be aware of that. — Exactly. Sorry to hear about that. Anaki. But again, those are some best practices that we all can share. — We want to confirm and verify, especially with the onset of generative ### How AI and Deepfakes Empower Cybercriminals [4:08] AI tools, right? We know that cyber criminals have the ability to impersonate our banks, our help desks, and things of that nature. They're using it to create these very believable lures, right? And kind of attack strategies. So confirming and verify through a known good source is definitely the way you want to go. And don't be afraid to hang up. You know, anytime you're being pressured or urged to take a certain action, you have to stay cool and calm, pause, confirm, and verify before you take that next step. — Yeah, that's right. And you know the attackers have been using this for a while now where the uh the call will be from an unknown number claiming to be from your IT team and he would say we detected some kind of unusual activity from your laptop. I'm sending you a link to a an easy assist kind of a software a remote control software. You have to install that otherwise you can't work anymore. and the employee feels pressured as you said and the employee without even thinking about it installs the remote assist app and the computer gets compromised. — Yep, that's a great example. You know, one thing that we have to uh keep in mind is that as we transition from our desktops, our laptops to our smartphones and our tablets, we have a smaller screen factor, right? smaller opportunity to view and analyze our emails like we normally do. We tell people to hover over the link before clicking. You can look at the header information, the sender information. — But when you have that smaller screen, right, and you're walking down the street or you're traveling, right, you are more susceptible. You you're actually distracted, right? So, you're more susceptible to taking that, you know, that next leak that the cyber criminals are hoping for, clicking that link and engaging that uh that URL. ### Why QR Code Phishing (Quishing) is Rising [6:05] Another thing to be mindful of specifically on our mobile devices are these QR codes. You know, quishing is something that uh a lot of the threat intel reports are starting to talk about. This is the malicious use of QR codes. — Cyber criminals are using them. uh they're in common place and they will redirect you directly to a malicious website or that website. You don't have the ability to scan and hover like we traditionally do with a URL. So, you definitely want to be mindful of QR codes. Think about the context in which you are seeing them and viewing them and be very careful and cautious about those. — So, true. It's more like a fishing link but in a visual format where — Exactly. You don't even get to or as you say hover over the URL and check the lock icon. You scan the QR code and some apps do showcase the URL that you're going but some applications don't. So again like you said the form factor comes into picture on a smaller screen you are in a hurry. Your flight is about to get uh boarding is about to start and you are in a hurry. You quickly scan the QR code, click on the button and you don't realize what just happened there. Exactly. — The form factor plays another important part here along with the AI. We talked about AI and how attackers are using it. Attackers have also used AI to create deep fakes where let's say they are targeting a journalist and they know that the journalist has a daughter. They will try and capture the voice of that daughter using some social engineering techniques. then call the uh then call the journalist and play a fake audio clip where the girl is asking for help. She's desperate and during the desperation the journalist receives a message again form factor comes into picture. He clicks on the link. So all of this is being targeted for making the victim to perform an action with AI enabled. Exactly. When we start, you know, our conversation today, we were talking about security and privacy on our mobile devices, especially uh while we're traveling. You know, a lot ### Disabling Wi-Fi and Bluetooth While Commuting [8:20] of the devices have these kind of convenience features. There may be fine while we're at home and while we're in office, but as we start to commute, as we go to conferences and workshops and travel with our family and friends on vacation and holiday, we want to make sure we're disabling some of these things. That's something that I share with my friends and family. I turn off my Wi-Fi and my Bluetooth when I leave the house. I download all of the movies that I want to watch on the airplane before I, you know, leave the house — and disable that. uh you know when I've traveled I've noticed that uh my phone has already and automatically you know without my consent acknowledgement uh connected to a Wi-Fi at the local airport — and I didn't uh accept that — you just don't know what's happening behind the scenes you know on these devices or who may be controlling that uh particular you know Wi-Fi technology so you want to make sure that you disable these things uh before you leave the house. Those are security and privacy settings that you can certainly uh handle yourself. — You know, that reminds me of uh the lockdown period, the COVID 19. I remember the first time I had stepped out of my house after the lockdown had been lifted. I stepped out like a warrior u lots of tension. I was wearing two masks. I had a sanitizer in my pocket and I was really wary of not going near anybody, just getting the stuff done and getting back home. That's how you should be when you are traveling and you've got digital data with you. — Exactly. You know, we carry so much uh sensitive and personal information on our devices. Just think about it for a moment. You know, we've got our payment details. We have our credit card information, you know, associated with some of our apps. We have our location details, our personal emails, sensitive personal information about our families and, you know, those type of things. So we really want to safeguard our devices physically and digitally. — That's very true and that's really where different types of attacks target us. We talked about the QR codebased fishing or quishing. — We talked about SIM swapping. — Then you have spoken about the malicious Wi-Fi. Uh now against all of these the ### Securing Mobile Data on Public Networks [10:38] different kinds of protective measures that we can have I think uh as you said going out with um the airplane mode on and not connecting to any kind of unknown networks VPN could be quite the game changer here don't you think VPN is quite the shield in an unprotected and wild west of the internet. — Exactly. It gives you this you know secure tunnel right the ability to uh protect that data in transit right so that uh gives you the opportunity if you're in work mode while you're traveling you know while I'm traveling I try to avoid you know logging into any sensitive or personal accounts just uh you know air on the side of caution uh another thing that we've talked about anakut is uh juice jacking something ### What is Juice Jacking at Airport Charging Stations? [11:28] that has been in the threat intel reports uh that's when uh cyber criminals uh take control or compromise the USB plug-in adapters, right, that you may see at the airport or at hotels and things like that. — Uh what that uh ultimately does is give the uh cyber criminals, right, the ability to read or exfiltrate data from that mobile device. Uh, one of the security controls that I've seen sold on the market are basically right blockers, something that you plug into the uh, USB cord that connects to your phone and the uh, plug-in wall adapter, right? And that disables the device ability to u to read, write, you know what I mean? It just enables the uh, you know, power connection. — So true. I think one has to build their own security toolbox. Like you've got to like I was watching this show called the Star Force on Netflix. — Uh so I downloaded the entire season of Star Force before I boarded the flight. Just like you. — Yep. — I had my power bank with me so I don't have to connect to any other networks during my travel. — There you go. — And the VPN was also on in case I had to connect and do some work related stuff. — Right. and I only trusted the mobile hotspot of my phone uh to connect my laptop and uh and that's where I think this kind of creates a small shielded view for us but still despite of doing all of this bad things can still happen. What do you do then? ### Creating a Personal Digital Security Toolbox [13:06] — Well, we uh talked about taking some of this preventative uh measures, right? We want to make sure that we have the actual contact information for our uh banks. So if we do receive any text messages or we feel like we have taken an action in error, we can call the legitimate bank and say, "Hey, you know, I think I may have fallen for a fish or a vish. Uh, you know, please, you know, lock my account and make sure that uh there's nothing nefarious happen. " So, you want to have those, you know, safe numbers uh on hand uh so you can confirm and verify, especially while you're traveling. Make sure you have backup, you know, numbers and ID, you know, photos of your passport numbers and, you know, your credit card numbers and bank account, uh, you know, the contact information. So if there is an opportunity or something that goes wrong and you need it, you have it on hand where you can call and uh ask for assistance as applicable. — Absolutely. As in the Hollywood movies say we are in code raid mode now because compromise has yeah we are in code rate now. One can always have a an offline diary like this the good old diary method where you write down a few ### What to Do If a Mobile Device is Compromised [14:24] things. What are the most critical bank accounts that you have and how are you protecting them? One I would say one hygiene factor is keeping that account which has your savings not to really enable the internet banking on that and always transacting from a different uh smaller account where the risk is getting lowered. In the cyber security world we always talk about reducing the risk. This is just one another way of doing it. — Exactly. And of course enabling, you know, multifactor authentication, right? Not only on our device, we have the ability to use the biometric features and the pin codes, but as we link to our particular apps as well, whether that be your banking app, your credit card, whatever the case may be, make sure you have multifactor authentication in place. the contact information uh you know up tod date so they know how to get in touch with you uh as well and then also you know when we think about some of these non-trivial apps you know I'll call those the gaming apps and even your social media apps uh you should be mindful of the security and privacy settings uh associated with that you know uh when we download uh these apps they are collecting data on us that's how they make their money right — location data you know, some of those type of things uh are of importance to us and of sensitive nature. So, we want to make sure we're disabling while we're traveling and uh not oversharing and keeping an eye on your mailbox. A lot of ### Navigating Social Media and AI App Privacy [15:58] times you see an email that there was a login attempt in your email ID from a different location. One should not ignore these kind of attempts. The moment you see an unknown attempt to log to your email address, you should go ahead and change the password immediately. And exam, we should know how the attackers behave as well. For example, the typical um I would say the typical procedure that attackers follow is the moment they take over any account be it an email account they are going to change the password backup password and the mobile number which is going to receive the backup codes. So you have no way of recovering that email id or changing the password and that's where is there an what is the ultimate procedure here if somebody changes all of this has your email provider given any of these uh solution or provisions that you can call them and say that my account has been compromised they will do some kind of verification for you and then you can get the access back but knowing about it reading about it researching about it being proactive. I think that's what's going to help our listeners and viewers. — Great point, Anaki. Critical thinking to reduce risk is what it's all about. — So true. So, Dr. Bird, in this episode, we talked about a lot of personal safety related topics, but nowadays AI is on everybody's mind. How can one remain safe while using AI? Are there any risks coming from AI usage as well? Of course, uh you know, when we talk about uh you know, using third-party apps, we want to make sure that we're protecting our own personal information, our own personal data. Just note, whether it's a social media platforms or a third-party apps, whether that be a fitness app or, you know, an AI app, that once we share that data, it's no longer ours. So you want to make sure that the information that you put out in the public domain is not sensitive and personal. — Again, we want to confirm and verify the output. You know, everything that you know comes out of the uh AI is not accurate. So we need to confirm or verify that as well. So those are things that uh we can certainly keep in mind from the personal standpoint. And then as we uh traditionally share uh with social engineering, you need to confirm or verify before you take any financial action you know associated with AI assure that who you're talking to or who you think you're engaging with is the actual person right on the uh LinkedIn or WhatsApp or any of these uh you know uh platforms. cyber criminals are using those to create these chat, you know, conversations where they're trying to sell financial advice or whatever the case may be. Just be cautious of that. — And the thing about AI is there is always a new AI that's getting created every minute. — Yeah. — So, you are going to hear about or see some new AI application being talked about in the news or in some kind of a blog. So don't be in a hurry to click on it and sign in with your Google and start using that app blindly. Do some study on that. How many people have actually used it? Are there any reviews on that? Do some background research on any new AI app that you are about to start using. One resource that I would like to recommend to everybody is there's something called there is an AI for that. com. You heard that right. So you can if you heard about a new tool, go to that site, type it in, see what you can get out of there. If you see that it's a really popular app, pretty good, good to go. But if you see that T AFT doesn't know about it, you might get a little suspicious on that. So Dr. Bird, last question to you at the end of this episode. Have you been subjected to something like this or have you been uh attempted to get fished or social engineering or any other kind of compromise any attacks on you on that? uh all of the time an you know none of us are immune from this right so you know as we wrap up today's discussion I want to uh you know reinforce that critical thinking reduces risk you know yeah — uh in the US we are in the tax season right so I'm getting these tons of these IRS related uh text messages right urgent take this action right now you need to do this that — that's something that is constant ly bombarding uh my device. I'm also getting text messages saying that I have these unpaid tolls even though I have not been on the toll road. It's saying you, you know, need to take an action immediately or your license will be revoked. — So, you know, after further review, you just critically think and say, "Hey, is this how the federal government, the IRS ### Critical Thinking to Prevent Social Engineering Scams [21:05] communicates with me? " No, it's not, right? They do not communicate via text messages uh and all of those type of things. So just be cautious. The due dates are not here yet. We're just in the season with which people are preparing to submit taxes. So there should not be this sense of urgency that you have to act immediately. So again critically thinking about that pausing for a moment because these things are you know kind of touchy emotional touch points for a lot of people right? Uh that's what the cyber criminals are hoping for. Text messages around tolls or as we indicated early family members in distress or IRS you know all of those things are these lures that are used during this season to induce unsafe actions. So critically thinking to reduce risk is the way to go. — Absolutely. Now in India the things are changing a bit as in because of the entire the war scenario there is a shortage of the liqufied petroleum gas LPG. So the LPG cylinders are really in short demand, the restaurants are closing and whenever something is in short supply, there's a black market that gets created for that where the same asset is being sold being at 4x value. But more importantly, fishing also starts to use that. So if somebody who is a restaurant owner who's desperate to get a cylinder, he gets a message that hey go to this platform and you will get five cylinders at a really less rate. That person might jump onto that. So — it's always about those emotional touch points as you said. So in India that is the emotional touch point which is nationwide. It is common to everybody. So I would like to advise to all the viewers and listeners to our podcast from India and from everywhere that if you see an urgent message just like Dr. Bird received as an SMS or I receive as an email you have to think twice take a pause for the cause — there with that let's wrap up this episode. Any last comments Dr. Bird before you wrap up the episode? Hey, critical thinking reduces risk. I'll leave it at that. — Great. Thank you so much, Dr. Bird. Thank you so much everyone for listening in and we would look forward to see you and meet you in the next episode of this podcast. Thank you so much and have a great day. —