The text arrived at 2:47 a.m. — not that Marcus noticed at first. He was asleep in a charming hillside hotel in Lisbon, the kind of place with terracotta rooftops and a fado singer drifting up from the street below. He’d had a spectacular dinner, a little too much wine, and had connected his laptop to the hotel Wi-Fi before bed to send a quick note home.
By morning, his inbox held three fraud alerts from his bank, a PayPal notification about a password change he hadn’t requested, and a charge of $1,847 to an electronics retailer in Eastern Europe. His debit card had been drained. The bank could investigate, they said, but recovery on debit transactions could take weeks. His trip had four days left. His backup card wasn’t much better, and his wife was furious.
What happened? Almost certainly, a packet-sniffing attack on the hotel’s unencrypted wireless network. Someone in a nearby room, or in the hotel lobby, had been harvesting login credentials from unsuspecting guests for weeks. Marcus was simply the most recent name on the list.
It didn’t have to be this way. Every step that could have prevented his nightmare costs nothing, or very little, and takes minutes to set up. Here are a few measures every traveler should have in place before the taxi arrives.
1. Use a VPN on Public or Hotel Wi-Fi
The problem: Public Wi-Fi networks — in airports, cafés, and yes, even four-star hotels, are largely unencrypted playgrounds for cybercriminals. A technique called a “man-in-the-middle” attack allows bad actors to position themselves between your device and the network, intercepting usernames, passwords, banking credentials, and anything else you transmit. Some criminals even set up convincing fake networks with names like “Hotel_Guest_WiFi” to lure unsuspecting users. You’d never know the difference.
How a VPN helps: A Virtual Private Network encrypts your internet traffic before it ever leaves your device, wrapping it in a secure tunnel that makes intercepted data useless to anyone who captures it. Reputable services like ExpressVPN, NordVPN, or Proton VPN cost roughly $5–$10 a month and can be installed on your phone, tablet, and laptop. Turn it on the moment you connect to any network that isn’t your own home router. Think of it as the digital equivalent of closing the curtains: what happens inside stays inside.
2. Consider a Travel eSIM
The problem: When you rely on public Wi-Fi abroad, you accept whatever security posture that network has — which is often none. Beyond the hacking risk, you’re also vulnerable to SIM-swapping fraud, where criminals contact your carrier, impersonate you, and redirect your phone number to their device, capturing your two-factor authentication codes in the process. Standard international roaming, meanwhile, can cost a small fortune in data fees, tempting travelers to take risks with unsecured networks just to avoid the bill.
How a travel eSIM helps: A travel eSIM is a digital SIM card you activate before departure, giving you local cellular data in your destination country at a fraction of roaming rates — often just a few dollars per gigabyte. Because you’re using cellular data rather than public Wi-Fi, your connection bypasses the entire hotel network threat. Services like Airalo, Holafly, and Google Fi make activation simple. The practical result: you browse, bank, and communicate over a private cellular connection and never need to touch that sketchy airport hotspot again.
3. Set Up Real-Time Transaction Alerts
The problem: Fraudulent charges don’t always announce themselves dramatically. Often, thieves test a stolen card with a tiny $1 or $2 transaction first — a digital knock on the door — before running larger charges. Without alerts, you might not notice until you review your statement days or weeks later, by which point significant damage has been done and the trail has gone cold.
How alerts help: Nearly every major bank and credit card issuer now allows you to enable push notifications or text alerts for every transaction the moment it posts — or even the moment it’s authorized. Set the threshold to $0 so you’re notified of everything. If a charge appears that you didn’t make, you can call to freeze the card within minutes. When you’re traveling, these alerts also catch legitimate charges that may have been incorrectly flagged, preventing your card from being auto-frozen while you’re standing at a restaurant register in a foreign city.
4. Enable Multi-Factor Authentication
The problem: A password alone is a thin line of defense, and travel creates multiple moments of exposure — logging into accounts on unfamiliar devices, using public networks, entering credentials in hotel business centers. If your password is compromised, a criminal needs only that single piece of information to access your bank account, email, travel bookings, and anything else you’ve secured with the same credentials.
How MFA helps: Multi-factor authentication requires a second form of verification — typically a code sent to your phone or generated by an authenticator app like Google Authenticator or Authy — in addition to your password. Even if someone captures your login credentials on a compromised network, they cannot access your accounts without also physically possessing your phone. Enable MFA on every account that matters before you leave: banking, email, travel apps, and any platform tied to your financial life. Authenticator apps are preferable to SMS codes, since text messages can be intercepted in the SIM-swapping attacks described above.
5. Know How to Lock Your Card
The problem: Wallets get stolen. Cards get skimmed at ATMs. Bags are left in taxis. In the past, the only recourse was a panicked phone call to a bank’s 800-number, navigating hold times and fraud departments while standing on a foreign street corner — and even then, the card might remain active for minutes or hours while the process played out.
How card-locking helps: Most major banks and card issuers now offer an instant card lock feature directly in their mobile apps. With a single tap, you can freeze your card so that no new transactions are authorized. It doesn’t cancel the card or affect pending transactions, and you can unlock it just as instantly if you find the card slipped behind a seat cushion. Before you travel, locate this feature in your banking app and make sure you know exactly where it is. The American Express, Chase, Capital One, and Citi apps all offer this feature prominently.
6. Use Credit Over Debit
The problem: This is the distinction that cost Marcus his vacation. Debit cards draw directly from your checking account, meaning that when fraud occurs, the money is already gone. You may eventually recover it through your bank’s fraud process, but federal protections for debit cards are weaker than for credit cards, and the investigation timeline can stretch to weeks — leaving you cash-strapped in the middle of a trip, or scrambling to cover expenses upon your return.
How credit cards help: Credit cards put a crucial buffer between fraudsters and your actual money. When fraud occurs on a credit card, you’re disputing a charge you haven’t paid yet. Under the Fair Credit Billing Act, your liability for unauthorized credit card charges is capped at $50, and most major issuers offer zero-liability policies. Your checking account remains untouched throughout the dispute process. Choose a travel credit card with no foreign transaction fees, carry it as your primary spending instrument, and leave the debit card in your hotel safe for ATM use only and even then, only at bank-affiliated ATMs where the skimming risk is lower.
7. Notify Your Bank About Your Trip
The problem: Banks use sophisticated fraud detection algorithms that flag transactions as suspicious when they deviate from your normal spending patterns. A charge in Barcelona when you live in Ohio looks, to an algorithm, exactly like fraud — because many times, it is. The result: your card gets auto-frozen at the worst possible moment, such as when you’re checking into a hotel at midnight or trying to pay for dinner in a city where you don’t speak the language.
How a travel notification helps: Most banks allow you to log a travel notice through their app or website before departure, flagging your upcoming dates and destinations so their fraud systems know the foreign activity is legitimate. This single two-minute step prevents the majority of vacation card-freeze headaches. While you’re at it, confirm the international customer service number printed on the back of your card and save it in your phone as a contact, because if something does go wrong abroad, you’ll want that number available without having to dig for the physical card.
8. Watch Out for USB Charging Stations (“Juice Jacking”)
The problem: Those convenient USB charging ports in airport terminals, hotel lobbies, and lounges are, in some cases, compromised. A technique called juice jacking allows a tampered charging station to push malware onto your device or extract data the moment you plug in — all while your phone charges normally. The FBI has issued warnings about this practice, and it’s become common enough in high-traffic travel hubs to warrant real concern.
How to protect yourself: Carry your own charging brick and plug it into a standard electrical outlet rather than a USB port. Alternatively, carry a “USB data blocker” — a small pass-through adapter that allows power to flow but physically blocks the data pins. They cost about $10 and fit on a keychain. As a rule: if you didn’t bring it, don’t plug into it.
9. Use a Password Manager
The problem: Travel creates temptation to cut corners on passwords — using weak ones because you’re logging in on an unfamiliar device, reusing old passwords because you can’t remember the strong ones, or writing credentials down somewhere insecure. A single compromised password on a shared account can cascade into multiple account breaches if you’ve recycled it.
How a password manager helps: Services like 1Password, Bitwarden, or Dashlane store unique, complex passwords for every account behind a single master password. They work across devices, autofill credentials securely, and eliminate the temptation to reuse or simplify. Before travel, audit your most sensitive accounts — banking, email, booking platforms — and ensure each has a unique password stored in your manager. The master password itself should be memorized, not written.
10. Enable Remote Wipe on All Devices
The problem: A stolen phone is more than the loss of a piece of hardware — it’s a potential portal into your entire digital life. If your screen lock is defeated, everything from your banking apps to your email to your stored passwords becomes accessible.
How remote wipe helps: Both Apple (via Find My) and Google (via Find My Device) allow you to remotely erase all data on a lost or stolen device from any web browser. Enable this feature before you travel, confirm that your device is visible in the respective portal, and make sure location services are active. In a worst-case scenario, a remote wipe ensures that the thief got the hardware but nothing else.
11. Be Cautious About Social Media Announcements
The problem: Posting “Finally in Rome!” with a geotag and a photo of your hotel view is effectively a public announcement that your home is unoccupied. Residential burglars increasingly monitor social media for exactly this kind of intelligence — particularly when accounts are public or when vacation photos include enough contextual detail to identify the traveler’s home city or neighborhood.
How restraint helps: Save the photo dump for when you return. If you must post in real time, check your privacy settings to ensure you’re sharing only with people you actually know, strip location metadata from photos before posting, and avoid identifying your specific hotel or neighborhood. The trip will still be Instagram-worthy on a two-day delay, and your home will still have its contents when you get back.
12. Back Up Your Documents Before Departure
The problem: A lost or stolen passport is an ordeal under the best of circumstances — navigating an embassy appointment, proving your identity without identification, and potentially missing flights or cruise departures in the interim. Without a backup of your document details, the process is significantly harder and slower.
How backup helps: Before every international trip, photograph or scan your passport, travel visas, travel insurance policy, itinerary, and the front and back of every card you’re carrying. Store copies in two places: a secure cloud folder and as an email attachment to yourself. Your hotel safe should also hold a physical photocopy of your passport whenever the original isn’t on your person. Consulates and airlines move considerably faster when you can produce document numbers and issue dates immediately.
None of these measures require technical sophistication, and none will meaningfully slow you down. They take an afternoon to set up before a trip and then run quietly in the background while you’re sipping espresso on a terrace in Lisbon, completely undisturbed. The traveler who takes these steps doesn’t think about them again until