Spy tricks for handling travel scams

The Ottawa Citizen recently ran a good piece entitled “Ten travel scams to watch for: From the broken taxi meter to the take-out fake out”. It was in print on Oct. 29 and digital on Nov. 2, 2016. You can find it here:

http://bit.ly/2f8SIa2

From the perspective of more-paranoid, fairly well-traveled former spy, I’d like to offer a few additional tips that can keep you safe in foreign lands. All of these tips are presented as trainable skills in my Personnel Safety and Situational Awareness training, available to individuals and corporations with travel-intensive business activities. Learn more and enroll here:

http://www.ronintraining.ca/p-s

Many of the scams described here play on two key human frailties – a lack of overall situational awareness, and the ease with which people are distracted. So, as a general piece of advice, here are two things you should develop as habits for everyday life:

  • Maintain a heightened sense of vigilance, especially when traveling. Look around, listen, pay attention!
  • Expect the unexpected – you’re a tourist. You know it and the locals know it. If you’re taken by surprise, it’s because you were too trusting or inattentive.

Here are my thoughts on some of the specific tips in this article:

The newspaper wave and/or The spiller:

Maintain personal space at all times, and if someone gets too close, stand up immediately and take a step towards them. Encroachers are not expecting their marks to re-encroach. It disrupts their ploy and demonstrates awareness and assertiveness.

If something is spilled on you, politely excuse the person and say “it’s no problem, don’t worry about it” and then immediately approach someone – a waiter, ticket agent, whoever is employed at the venue you’re at and ask where the restroom is. Look and point direct toward the “spiller” to raise awareness and say loudly “it was an accident”. Then excuse yourself. It goes without saying: take your stuff with you, and if you’re going to a washroom, ensure you’re not followed.

You should always have your valuables and documents concealed under clothing in a difficult-to-see and access location. Maintain awareness of the location of your stuff and if you sense a distraction, reclaim and pocket it all immediately.

Fake monks:

At the risk of sounding cold-hearted, don’t give anybody anything, anywhere, ever! The last thing you need is to be marked as the rich tourist with the fat wallet. By giving money to people on the street, legitimate or not, you are establishing:

  • That you have money
  • Where you keep your money
  • That you have a kind heart, which innately makes you less likely to resist or fight an attacker or a mugger. Remember: Targets are chosen, they are not accidental.

The fake monk can also be a first-stage ploy to distract you to another crime such as purse snatching or pickpocketing, or in worse scenarios, an ambush or abduction.

Off-site rentals:

Not only should you book only through reputable hotel-sponsored activity providers, you should do some homework:

  • Research the trip/activity online. You have no excuse for not doing this. If they have no online presence and no reviews, they don’t exist. Pass.
  • Check to see if this is a company run by a larger entity, especially a Canadian, American, Dutch, Spanish, Portuguese or other major European entity such as a trip operator. You’re safer if so.
  • Call your credit card company. Ask if they’re aware of scams with this resort or trip operator. Get the extra trip and purchase insurance. Ask what kind of indemnification you have if you book stuff on the card and get assessed damages. The $15/week premium is worth it if it saves you a trip to Club Fed and frivolous extortion. Book everything on your credit card and if the operator is sweating you, ask them if they can handle going to court with VISA over it.

The broken taxi meter:

Many countries and cities have approved, branded taxi companies. Do your homework and use only those. Many cabbies will agree on a price beforehand; If so, do so and give them 50% when getting in the cab. In the age of Google Maps and GPS, you’re the only one to blame if a 20 minute cab ride turns into a jungle safari. Map a route and make it clear to the driver that he’s taking that route in exchange for your fare. Note the plate and markings of the cab on your mobile and email them to the front desk of your hotel or a trusted friend before embarking.

The hotel switcheroo:

Easy day. If the cabbies tries this stunt, get out of the cab before you depart. The cabbie will be confused. Ask him which hotel he recommends then tell him to wait while you call your hotel’s front desk. Ask your hotel if they’re open and what the deal is with the other hotel. Then report the cab’s plate and markings to them. Ask the cabbie to leave before you complain to the police and tourism bureau. Ask your hotel if they could send you a shuttle and if not, to call you a prepaid cab to bring you directly to them. Settle with the hotel when you check in.

The take-out fake out:

Never give a credit card out over the phone in unfamiliar territory. Ask the front desk which takeout places they know to be reputable. Better hotels can accept the delivery at the front desk for you. You can either go down and pay in person, or, ask the hotel to pay the vendor and add it to your bill.

Code stealers:

A couple of quick ones on this:

  • Tell your bank or credit card company where you’re traveling and for how long;
  • Advise them as to how you’ll use your cards – for purchases, airline bookings, to take out cash, etc.;
  • If you have no choice but to use an ATM, use your VISA. Protect your bank accounts – the ridiculous cash withdrawal fees are worth the security. You can always advise the bank that you made a cash withdrawal so that if the card is compromised at the ATM, subsequent transactions are blacklisted. You might not get so lucky with debit.
  • Cover your PIN and rest all of your fingers over the keypad for 10 seconds. This distributes the heat signature and makes it harder for someone with IR lenses to pick out exactly which keys are used for your PIN.

Stolen passwords:

If you’re going to take devices with you, I recommend that you use a ridiculously strong password that is easy for you to remember, but difficult to intercept by watching you type, and is prone to repetitive errors if the person is unfamiliar with it. You will need a master device password, and one for a password manager utility – this way you can secure all of your passwords with a password manager and use it to auto-fill or cut and paste into web forms.

Here’s an example of a password that is strong (upper and lower-case letters, special characters and spaces, numbers and a length exceeding 20 characters). Let’s use a memorable song, some numbers I can remember, and appropriate punctuation:

“Oh, let the sun beat down Upon My Face! 6-38-42 Stars to fill my Dream$!”

Recognize Led Zeppelin’s famous “Kashmir”? I’ve thrown in the combination from my old high school gym locker, included spaces and capitalized certain words to make dictionary attacks more difficult. A few extra special characters round it out. Let’s say you used that as your iPad password, then used the next phrase in the song with some minor mods for your password manager:

“I’m a trav’ler 0f Both Time & Space (6)[38](42) to be Where? I have beeen!

I threw in a few nuances that you can use which make sense… “Where” has a question mark, as it often denotes a question, and “been” is stretched by an extra “e”. All you have to do is remember where you put the tricks. Paste any of these into a password tester website like https://howsecureismypassword.net/ and see for yourself – they’re secure.

The first one is computed at 386,285 quadragintillion years to crack, and the second at 37.083 quadragintillion years! I won’t be around that long to worry about who sees my naughty emails.

On that note, don’t use public WiFi. If I have to tell you this, you’re probably already compromised. If you just have to Instagram your life away in the hotel lobby or by the pool or what have you, then pay $50/year for a VPN like Private Internet Access and ensure that it is ALWAYS CONNECTED when you use public WiFi. Your funeral if you’re too cheap or naïve to not do this.

The “front desk is calling” scam:

Force the caller to verify the information they do have. What is your room number? When did you check in and at what time, exactly? What is your check out date? What did you just order for room service? What phone number do they have on file and what billing address? What credit card did you supposed to use, which they “copied down” incorrectly – Amex, VISA, MC? What’s the desk clerk’s name that you’re speaking with? Tell them you’ll be down momentarily, then call back in fifteen minutes and ask directly for a manager. Name the “employee” and ask the manager to confirm there is a problem. Then and only then can you go down to the desk and give the card directly.

There are a number of credit card and travel-friendly solutions available from an excellent author named Mike Bazzell. I recommend his work highly:

https://computercrimeinfo.com/bio.html

https://computercrimeinfo.com/book4.html

As always, you can reach out to me for training and with your questions:

info@ronintraining.ca | 613.627.3018 | www.twitter.com/RoninTrng