Hotel and Motel Safety: Identity Theft - What to Do When Staying in a Hotel

Risks in Hotels and Motels: Identity Theft

What is identity theft?

Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission, to commit fraud or other crimes.

What are the risks in hotels?

Anytime you give out your personal information: name, date of birth, credit card numbers, passwords, etc. in a in a hotel; you risk providing that information to an identity theif. So, which are the greatest risks in a hotel?

  1. The hotel's Wi-Fi - Maybe you log on and use it to pay a few bills or catch up on emails. Hackers are using security vulnerabilities in hotel Wi-Fi to steal people's passwords and other sensitive information. Here's how it works: as a hotel guest, you try to get online using their Wi-Fi network and you see a pop-up for a software update. But that popup is fake from a hacker who got into the hotel network. When you click to accept the download, you unknowingly load software designed to steal your personal information.
  2. Opportunistic theft - Do not leave any credit cards, documents with name, address, personal information, bills, statements, computers, ipads, etc. laying out in your room where maids, maintenance men, or theives who break into rooms can access them.  Lock them up in the safe in your room, or take them with you.
  3. Mobile Apps - Unlike websites, mobile apps don't have a visible indicator like https. Researchers have found that many mobile apps don't encrypt information properly, so it's a bad idea to use certain types of mobile apps on unsecured Wi-Fi. If you plan to use a mobile app to conduct sensitive transactions, like filing your taxes, shopping with a credit card, or accessing your bank account, use a secure wireless network or your phone's data network (often referred to as 3G or 4G).

What should I do to protect myself in hotels and motels?

The Federal Trade Commission and CFR provide these precautions:

  1. Use your own private hotspot - Most msart phones have a hotspot capability, or your can get an inexpensive hotspot device from your cellphone provider. This way you have your own private, secure connection to the internet.  Only use the hotel wifi for general websurfing.
  2. HTTPS - When using a hotel or public Wi-Fi network, log in or send personal information only to websites you know are fully encrypted. Look for https in the web address; the 's' stand for secure. To be safe, your entire visit to each site should be encrypted from the time you log in to the site until you log out. If you think you�re logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
  3. Don�t stay permanently signed in to accounts. When you�ve finished using an account, log out.
    Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
  4. Use security software for web browsing - Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
  5. Use the encryption provided - Some Wi-Fi networks use encryption; that is becomng common in hotels now. WPA2 is the strongest. But many public Wi-Fi hotspots don�t encrypt the information you send over the internet and aren�t secure. In fact, if a network doesn�t require a WPA or WPA2 password, it's probably not secure.
  6. Consider a VPN - If you regularly need to access online accounts through public Wi-Fi networks, you may want to use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider. Some organizations create VPNs to provide secure, remote access for their employees. What's more, VPN options are available to encrypt information you send through mobile apps. If you work out of hotels frequently, you may want to obtain your own mobile hotspot, which encrypts traffic between your device and the Internet and uses the cellular network instead of public Wi-Fi.
  7. Install browser security add-ons or plug-ins. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption, if available, on popular websites that don�t normally encrypt.

What would the thieves do with my name and other information

Typical examples of uses that criminals have for your personal information and identity are:

  • to apply for credit cards in your name, and run up a bill

  • to create fake driver's licenses, green cards, passports and other forms of identification for illegal aliens, using their photograph with your name, address and other information

  • to apply for government benefits, like social security, taking benefits in your name

  • to apply for loans and mortgages in your name.

What are the consequences to me?

Identity theft is a serious crime. People whose identities have been stolen can spend months or years - and their hard-earned money - cleaning up the mess thieves have made of their good name and credit record. In the meantime, victims may lose job opportunities, be refused loans, mortgages, education, housing or cars, or even get arrested for crimes they didn't commit.

What can I do to PREVENT theft of my identity?

See this page for a comprehensive checklist of steps to take to protect your identity from identity theft.

What should I do if I think my identity has been stolen or compromised?

If you think your identity has been stolen, here's what to do now:

Click here for the complete list of steps to take.

More information:

And please let us know about any suspicious calls or emails you receive.  We look for patterns so that we can alert the authorities and victims to new scams, before it is too late!




For a comprehensive list of national and international agencies to report scams, see this page.