How fraudsters use Wi-Fi hotspots to steal data
Many of us will have used free public Wi-Fi at some point, perhaps in a coffee shop or an airport lounge, but we may be risking our privacy when we do so. It’s possible for hackers to capture personal information exchanged over public internet connections, a fact that many people may not realise. However, a few simple precautions will help you protect your private data, reducing the risk of identity theft.
Why are Wi-Fi hotspots vulnerable to fraudsters?
Of all the ways we connect to the internet, public hotspots are probably the least secure. This is partly because of the fact that they’re public. Most hotspots will require you to enter a password, probably handed out by a barista or written on a board, but this offers users little or no protection – a password everyone knows isn’t that different from no password at all. Once a hacker gets on the network, security can already be compromised.
Public hotspots will also sometimes fail to use proper encryption, the way by which programs or networks, such as a banking app or home Wi-Fi, secure their interactions with the web. This makes it very tempting for hackers to spy on Wi-Fi hotspots, to exploit any vulnerabilities.
How to protect your data while using Wi-Fi hotspots
A 2016 survey by Symantec in the United States found that 87% of people had used public Wi-Fi at some point – and 60% thought their data was secure. The most common use of a public connection was for logging in to social media, email and bank accounts. This is exactly the kind of information data thieves love to their hands on, but taking a few simple precautions will make it significantly harder for them.
- Verify the name of the network you’re using
Fraudsters will often set up a Wi-Fi hotspot of their own and disguise it as genuine public Wi-Fi. The “spoofed” connection will have a name similar to the outlet in question, e.g. a coffee shop, and will allow you to browse as normal. However, it might send you to a fake website – perhaps that of your bank or credit card company – where you will be asked for your username and password. When using a public hotspot, ask a staff member for the full network name and make sure it matches exactly the one you connect to on your device.
- Look for encryption
Encryption makes any network connection more secure. The most common form of encryption is SSL, and it’s easy to check if it’s in operation. Any site address beginning with “https” is using SSL, meaning the information you send and receive will be unreadable to anyone who intercepts it.
You will also see a padlock icon in the address bar to indicate the encryption is in place. SSL is used by banks, Facebook, Twitter, Gmail and should be used by any shopping site you visit. If SSL is unsure of a given site, a pop-up will alert you that it is “untrusted”. If you see this warning while using public Wi-Fi, don’t visit the site.
- Using a Virtual Private Network (VPN)
A VPN routes all your interactions with the web through a server in encrypted form. So, in a similar fashion to SSL, anyone snooping on the Wi-Fi network will just see garbled information. There are many desktop and mobile VPNs available, and they are fairly simple to set up and use.
- Always update your software
Keeping your software updated means you have the latest security upgrades and bug fixes. Download these updates as soon as your browser or anti-virus software lets you know they’re available.
- Turn off your WiFi
If you’re not using your device’s Wi-Fi connection, turn it off. This will prevent it accessing a hotspot automatically, which it may do if you’re in an establishment where you’ve used Wi-Fi before.
If you are worried about the security of your personal data, your Equifax Credit Report & Score – free for the first 30 days then £7.95 monthly – comes with WebDetect, which alerts you if we find your personal data on websites used by fraudsters.
- Infographic: What is a money mule?
- What is money laundering?
- What is a Ponzi scheme?
- How to report identity theft
- How to protect older people from being scammed
- Using contactless mobile payments and apps
- Safeguard your personal data when using smart home assistants
- Safeguarding your family’s personal data on smart toys
- How your identity could be stolen offline
- Protect against ID theft when making mobile payments
- Online Fraud Terminology
- What is anonymous browsing?
- Distributed Denial of Service explained
- How secure is your email?
- Identity theft and fraud explained
- Financial fraud explained
- Best practices for avoiding identity theft
- Stay safe online: Creating a secure password
- Scam avoidance: A few ways to help stay secure
- Are smart gadgets putting you at risk of identity theft?
- Helping your children stay safe online
- Should you share your location on social media?
- Safeguard your personal information on video game consoles
- Would you do internet banking on your smart TV?
- How to avoid email fraud
- Preventing your child’s identity from being stolen
- Keeping your personal information secure when moving home
- Protect yourself from becoming a victim of SMS phishing
- Protect against identity theft when sharing photos online
- Safeguard your identity on mobile apps
- Your social media profile and identity theft
- What is credit card fraud – can you prevent it from happening to you?
- How fraudsters can hijack your browser
- Safeguard your identity on Facebook and other social media sites
- Going on holiday - keeping your identity safe
- How to prevent smartphone identity theft
- Shopping online – staying safe against identity theft
- How to spot and avoid romance scams
- Facial recognition and identity risk
- Dealing with phishing phone scams
- How cyber attacks happen
- Safer Internet Day – protecting children online
- 7 Signs of Identity Theft
- How to avoid contactless card fraud
- What Are Data Breaches?
- How to Spot a Phishing Email
- ID Fraud Overview
- How Financial Crimes Are Hidden in The Dark Web
- How much do you know about the Dark Web?
- Are you losing your identity?