How fraudsters use Wi-Fi hotspots to steal data

Many of us will have used free public Wi-Fi at some point, perhaps in a coffee shop or an airport lounge, but we may be risking our privacy when we do so. It’s possible for hackers to capture personal information exchanged over public internet connections, a fact that many people may not realise. However, a few simple precautions will help you protect your private data, reducing the risk of identity theft.

Why are Wi-Fi hotspots vulnerable to fraudsters?

Of all the ways we connect to the internet, public hotspots are probably the least secure. This is partly because of the fact that they’re public. Most hotspots will require you to enter a password, probably handed out by a barista or written on a board, but this offers users little or no protection – a password everyone knows isn’t that different from no password at all. Once a hacker gets on the network, security can already be compromised.

Public hotspots will also sometimes fail to use proper encryption, the way by which programs or networks, such as a banking app or home Wi-Fi, secure their interactions with the web. This makes it very tempting for hackers to spy on Wi-Fi hotspots, to exploit any vulnerabilities.

How to protect your data while using Wi-Fi hotspots

A 2016 survey by Symantec in the United States found that 87% of people had used public Wi-Fi at some point – and 60% thought their data was secure. The most common use of a public connection was for logging in to social media, email and bank accounts. This is exactly the kind of information data thieves love to their hands on, but taking a few simple precautions will make it significantly harder for them.

  • Verify the name of the network you’re using
    Fraudsters will often set up a Wi-Fi hotspot of their own and disguise it as genuine public Wi-Fi. The “spoofed” connection will have a name similar to the outlet in question, e.g. a coffee shop, and will allow you to browse as normal. However, it might send you to a fake website – perhaps that of your bank or credit card company – where you will be asked for your username and password. When using a public hotspot, ask a staff member for the full network name and make sure it matches exactly the one you connect to on your device.
  • Look for encryption
    Encryption makes any network connection more secure. The most common form of encryption is SSL, and it’s easy to check if it’s in operation. Any site address beginning with “https” is using SSL, meaning the information you send and receive will be unreadable to anyone who intercepts it.

    You will also see a padlock icon in the address bar to indicate the encryption is in place. SSL is used by banks, Facebook, Twitter, Gmail and should be used by any shopping site you visit. If SSL is unsure of a given site, a pop-up will alert you that it is “untrusted”. If you see this warning while using public Wi-Fi, don’t visit the site.
  • Using a Virtual Private Network (VPN)
    A VPN routes all your interactions with the web through a server in encrypted form. So, in a similar fashion to SSL, anyone snooping on the Wi-Fi network will just see garbled information. There are many desktop and mobile VPNs available, and they are fairly simple to set up and use.
  • Always update your software
    Keeping your software updated means you have the latest security upgrades and bug fixes. Download these updates as soon as your browser or anti-virus software lets you know they’re available.
  • Turn off your WiFi
    If you’re not using your device’s Wi-Fi connection, turn it off. This will prevent it accessing a hotspot automatically, which it may do if you’re in an establishment where you’ve used Wi-Fi before.

If you are worried about the security of your personal data, your Equifax Credit Report & Score – free for the first 30 days then £14.95 monthly – comes with WebDetect, which alerts you if we find your personal data on websites used by fraudsters.

Related Articles