This is one more reason why you always want to use a VPN, especially when traveling.
An advanced hacking and cyberespionage campaign against high-value targets has returned. The so-called ‘DarkHotel’ group has been active for over a decade, with a signature brand of cybercrime that targets business travellers with malware attacks, using the Wi-Fi in luxury hotels across the globe.
In short, the hackers find ways to infiltrate the hote’s wi-fi system so that they can see every bit of information that hotel guests are sending and receiving on (unencrypted) connections.
The hackers have much more sophisticated methods than just “wiretapping” into the wi-fi network. The usual method for the attack is to send carefully crafted phishing emails. When the recipient clicks on the email message, a self-extracting archive package, called winword.exe, is then executed and begins the Trojan downloader process.
Luckily, the problem is easy to avoid.
First, never use Windows as the trojan program only infects Windows systems. Instead, use a Macintosh, Chromebook, Linux, iPad, or Android device to read your email messages. The winword.exe trojan won’t affect those systems.
If you only have a Windows laptop, there is a simple solution: download a Linux LiveCD and use that. When in a hotel, insert the LiveCD and boot your computer up in Linux. The LiveCD won’t touch anything on your Windows system’s hard drive. Once finished, you boot down, remove the LiveCD, and continue using the Windows system as you always have,
This is a very simple and very effective solution. You can find a number of online articles that will explain the process by starting at: https://duckduckgo.com/?q=how+to+use+a+livecd&ia=web.
Next, always use a VPN. It appears that the hackers have to first identify a likely looking target: someone staying in an expensive, luxury hotel and paying by expense account. They can do that by “wiretapping” your wi-fi connection and reading your email messages as they are sent an received. By using an encrypted VPN connection stops the hackers in their tracks, they cannot read your messages, won’t know who you are or what messages you are sending and receiving.
The hackers cannot drain your bank account or charge things to your credit cards if they don’t know who you are and cannot see your bank account or credit card numbers.
Start at https://privacyblog.com/category/vpn-virtual-private-networking/ to find a large number of articles about VPNs.