Wi-Fi hotspots in coffee shops, libraries, airports, hotels, universities, and other public places are convenient, but often they’re not secure. If you connect to a Wi-Fi network, and send information through websites or mobile apps, it might be accessed by someone else.
To protect your information when using wireless hotspots, send information only to sites that are fully encrypted, and avoid using mobile apps that require personal or financial information.
It's pretty easy for someone who wants to intercept your data in a man-in-the-middle attack to set up a network called "Free Wi-Fi" or any other variation that includes a nearby venue name, to make you think it's a legitimate source.
- Remember – any device could be at risk. Laptops, smartphones, and tablets are all susceptible to the wireless security risks.
- Treat all Wi-Fi links with suspicion. Don’t just assume that the Wi-Fi link is legitimate. It could be a bogus link that has been set up by a cybercriminal that’s trying to capture valuable, personal information from unsuspecting users. Question everything – and don’t connect to an unknown or unrecognized wireless access point.
WINDOWS: If you are connecting via Windows, make sure to turn off file sharing and mark the Wi-Fi connection as a public network. You can find this option in the Control Panel > Network and Sharing Center > Change Advanced Sharing Settings. Under the Public heading, turn off the file sharing toggle. You may also want to turn on the Windows Firewall when connecting to a public network if it's not already activated. These settings are also found in Control Panel > Windows Firewall.
MAC: Open up System Preferences and navigate to the Sharing icon. Then, untick the checkbox next to File Sharing. Here's a full rundown on how to disable sharing and removing public home folder sharing options in OS X. You can also turn on the firewall within OS X by heading to System Preferences, Security & Privacy and click the Firewall tab.
They could hijack your session and log in as you. New hacking tools — available for free online — make this easy, even for users with limited technical know-how. Your personal information, private documents, contacts, family photos, and even your login credentials could be up for grabs.
- Don’t Assume a Wi-Fi Hotspot is Secure. Most Wi-Fi hotspots do not encrypt the information you send over the internet and are not secure.
- When using a Wi-Fi hotspot, only log in or send personal information to websites that you know are fully encrypted. If you use an unsecured network to log in to an unencrypted site - or a site that uses encryption only on the sign-in page - other users on the network can see what you see and what you send.
An imposter could use your account to impersonate you and scam people in your contact lists. In addition, a hacker could test your username and password to try to gain access to other websites – including sites that store your financial information.
- Don’t stay permanently signed in to accounts. When you’ve finished using an account, log out.
- Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
- Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
- If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can obtain a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees. By using a VPN when you connect to a public Wi-Fi network, you’ll effectively be using a ‘private tunnel’ that encrypts all of your data that passes through the network. This can help to prevent cybercriminals – that are lurking on the network – from intercepting your data. Learn more about VPNs.
- Try to verify it’s a legitimate wireless connection. Always confirm the legitimacy of a Wi-Fi network before connecting to it; do not rely on the name alone. If there are multiple access points for the same venue, ask a staff member which one to use. Some bogus links – that have been set up by malicious users – will have a connection name that’s deliberately similar to the coffee shop, hotel, or venue that’s offering free Wi-Fi. If you can speak with an employee at the location that’s providing the public Wi-Fi connection, ask for information about their legitimate Wi-Fi access point – such as the connection’s name and IP address.
- Avoid using specific types of website. It’s a good idea to avoid logging into websites where there’s a chance that cybercriminals could capture your identity, passwords, or personal information – such as social networking sites, online banking services, or any websites that store your credit card information.
- Software. Never install software while using public Wi-Fi, as it could introduce viruses into your computer. For example, a common attack is to inform the user that his browser is using outdated Flash and then redirect the user to a fake Adobe website that will install a virus instead of the real software.
- Forget the network. Once you are all done with your Web browsing, make sure to log off any services you were signed into. Then, tell your device to forget the network. This means that your phone or PC won't automatically connect again to the network if you're in range.
Windows: Uncheck the "Connect Automatically" checkbox next to the network name before you connect, or head to Control Panel > Network and Sharing Center and click on the network name. Click on "Wireless Properties" and then uncheck "Connect automatically when this network is in range."
Mac: Go to System Preferences, go to Network, and under the Wi-Fi section click Advanced. Then uncheck "Remember networks this computer has joined." You can also individually remove networks by selecting the name and pressing the minus button underneath.
Android: Enter into your Wi-Fi network list, long press the network name and select "Forget Network." On iOS, head to Settings, select Wi-Fi networks, click the "i" icon next to the network name and choose "Forget This Network." As an extra precaution, you should also turn on "Ask To Join Networks" which is also found in the Wi-Fi networks menu.
Here is a list of sites that offer two-factor authentication: www.FraudSmarts.com/twofactor
- Enable two-factor authentication. It's good practice to enable two-factor authentication on services that support it. This way, even if someone does manage to sniff out your password when on public Wi-Fi, you have an added layer of protection. Also, use one form of two-factor for logging in, and a second, different two-factor combo for recovery.