The Risks of Public WiFi: Hackers Are Waiting for You

Summary: There are various ways hackers can take advantage of users logging on to unsecured risky public WiFi that is available in airports, trains, hospitals and coffee shops.

The number of computer users working remotely has skyrocketed. People from all walks of life work from home, at airports, in train stations and just about anywhere a WiFi signal is available. The bad news is that the increase in remote work on public WiFi has been a “home run” for cybercriminals. They have crated profitable schemes such as the “man in the middle” and evil twin attacks and others that are designed to exploit open WiFi networks. Many open WiFi users are complacent about cyber security and do not hesitate to log on to public WiFi without ensuring they are doing it safely.

However, there are many severe risks of public WiFi to user privacy, company data, and other connected devices on your network. Here are the main threats posed by hackers to users accessing public WiFi networks without a secure connection:

• Password Theft – There are hacking tools designed to search for your passwords when typed into online platforms (called keylogging) or saved in your browser. Furthermore, your apps and email passwords are also vulnerable when using unsecured public WiFi. Password theft is the most dangerous because it can give hackers access to many of the platforms that users log into. Once they log in using your password, cybercriminals can change the password. It is a serious threat because it allows hackers access to the user’s accounts and puts your entire connected business network at risk. If you perform work online for a business, sloppy security can spread malware attacks and halt your company’s operations and productivity.
• Identity Theft – It is not an understatement to warn that unsecured public WiFi could blow up your life. Unprotected online work can expose users to identity theft. Hackers know how to piece together private data gleaned from your mobile devices to steal money from your bank accounts and credit cards. Even worse, they can steal unique identifying data such as social security numbers and other profiling data, including:
• Locations, Past and Present – Knowing where you live, work and travel can help cyber thieves piece together your profile and use that information to steal your personal, private data.
• Personal Financial Information – In addition to grabbing your social security number, they can use it to steal things like tax refunds, bank accounts, payments from vendors, as well as many other transactions that can financially wipe you out and take years to resolve. Once hackers connect with your bank accounts, you are in big trouble.
• Profile Data – By breaching your social networking activity, hackers can steal and replace your online accounts with fraudulent ones, locking you out and causing more disruption, fraud and financial exposure.

The more cybercriminals know about you, the more they can target their attacks using specific malware and phishing techniques tailored to you. In an unsecured setting, if you click on an advertisement in an email or log in to what seems like a trusted website, hackers can infect your device and network with malware.

Man In the Middle Attack

A Man in The Middle Attack (MITM) is one of the more diabolical cyberattacks. In an MITM, hackers intercept text conversations and pretend to be one of the parties in the conversation, having secretly taken control of the entire exchange. MITM is a dangerous attack because the scamming imposter can seem like a trusted source and potentially ask questions that might prompt the unsuspecting user to reveal additional personal information.

• Evil Twin Attack – An Evil Twin Attack is a type of MITM attack in which the cyberthief creates a fraudulent WiFi network that looks like the public WiFi connection users wish to log on to. For example, a public network at an airport might be called “Free Airport Network.” However, a hacker might have a nearby fake network labeled “Official Airport WiFi.” Which one would you pick? The hacker is in complete control once users log on to a fake network.

Is Hotel WiFi Safe?

We have discussed public WiFi security threats in public places such as airports, hospitals and train stations. But is hotel WiFi safe? Absolutely not. A hacker could be relaxing in the next room with his laptop and hacking tools, in the lobby or bar or in the parking lot outside, launching one of the attacks mentioned above.

However, life is unpredictable, and a situation might arise when you need to use public WiFi. There are a few things you can do to ensure a public network is safe:

• If you have a VPN (Virtual Private Network), ensure it is turned on and functioning correctly.
• Install anti-virus software on your device and make sure the virus definitions are up to date. Avoid “free” WiFi.
• Beware of networks that require very complex passwords. Public WiFi usually has simple passwords needed to gain access.
• Ensure that your operating systems, browsers and software applications are up to date, as security patches are often part of updates from developers.
• Log out of accounts you are not using.
• Install an ad blocker to protect you from accidentally clicking on a fraudulent phishing advertisement that can lead you to a malicious website.
• Use a password manager to create and store your passwords for all your platforms securely. If one of them becomes part of a known breach, you will be prompted to change the password.
• Close any open programs that are not required for your online work.

Our connected universe expands daily. The convenience and efficiency of working online have never been as simple as they are today. However, more caution than ever is required to protect your private data and connected devices to continue enjoying all the great benefits of remote connectivity.

Contact your IT support technician to set up an affordable VPN and password manager or to set up security awareness training for your small business. It is far simpler and less costly to avoid a cyberattack than to recover from one.