In a recent New York City experiment carried out by James Lyne of Sophos Laboratories, a series of Wi- Fi hotspots were set up across the city.
The hotspots carried names like “Get Online” and “Free Public Wi-Fi”. For the period of the experiment 2,341 people connected to the hotspots.
More astonishing was that 109 people handed over their credit card information when offered online access for a fee! They had no idea who they were providing these credit card details to! The fee which was being requested may have been minor but in the wrong hands these credit card details could have been debited for far larger amounts of money.
Furthermore the average time it took people to click and agree to the user agreement attached to a hotspot was only 1.3seconds. Certainly not enough time to read the agreement and understand that when you connect to a wireless network you are handing over authority to send your information to the owner of that network.
We are all guilty
Whether you are taking a few precious moments out of a hectic day in your local coffee shop, traveling on business or on holidays abroad; we want to stay connected and in doing so one of the first things we look for when accessing the internet in public is free Wi-Fi. Millions of people across the world use public Wi -Fi everyday but do you know the risks and who might actually be behind the public hotspots that you connect to? It’s time to think twice when connecting to the internet in public.
Some hotspots are free of charge whilst others charge a fee for access. Wi- Fi which is not secured by a password is incredibly easy for cybercriminals to hack into and eavesdrop on network traffic and insert themselves into the data conversation between victims and the servers in a “man- in- the- middle” style attack.
However what’s possibly even easier is to actually set up a fake hotspot in a public area. The equipment required to do this can be purchased easily online for less than $100. This allows the fraudster to set up multiple Wi-Fi hotspots which will intercept the information of each user who connects to one of the hotspots. The same equipment can also be used to create an “Evil Twin” hotspot which mimics a legitimate hotspot in just about every way, but its intentions are more sinister in nature. By imitating a legitimate hotspot and tricking users into connecting to it, a hacker can then steal account names and passwords and redirect victims to fake websites which contain malicious software.
How can you protect yourself when using public Wi-Fi?
- Only connect to secure Wi-Fi hotspots. These are easily identified by the padlock icon which appears next to the name of the hotspot.
- If the Wi- Fi is not secure, use your personal hotspot on your mobile phone.
- Avoid using hotspots which require payment details.
- Keep your software up to date ensuring that you apply patches and have up to date anti-virus software installed on your device.
- Use web filtering to block malware.
- Think twice about conducting banking online or other confidential business in public areas.