Beware of free WiFi scams

REGION – It’s mid-February, time for a break from the routine. The sports world is alive with activity as baseball spring training heats up and March Madness is approaching. If travel is on your calendar, the potential for losing money to fraud and scams increases. From bogus bargain trips, to nonexistent hotel reservations, there are countless ways for your vacation to turn into a nightmare.

Whether traveling for pleasure or business, or simply going out for lunch, some fraud occurs where we least expect it: airport terminals, hotels, and restaurants. As a mobile public, we often rely on our ability to communicate electronically, and these oases and gathering points have addressed this need. We see many locations advertising “free WiFi.” A visit to your local fast food restaurant, coffee shop, or public gathering place confirms this, and as a frequent traveler, I can rely on the fact that most hotels and motels, large and small, use WiFi availability as an attractive benefit. Sadly, it is that free service that also attracts criminals.

Most public WiFi networks and routers are not secure, and allow anyone to connect to the internet. Requesting a connection and possibly entering an email address on a simple form grants access. In terms of lodging, most locations allow access by entering a passcode that is available to all guests. For most users, a simple process allows for connection to the world and the ability to do anything that you could do at home or the office. Seems perfectly fine.

The problem lies with two seemingly unimportant words, “unsecured network.” It means there is no built-in security for users. You may feel you are in the “privacy” of your room; in reality, everyone online is sharing a single space – in 20th century language, a giant party line. In this environment, there are a number of threats to your data and devices, such as:

“Man-in-the-middle” attacks, where a criminal is able to intercept messages between the user and his or her destination. All messages and content are then exposed to the outsider.

“Evil Twin,” in which the criminal creates a separate WiFi network that appears on your device as one of the choices. For example, the WiFi network at Starbucks will say “Starbucks,” but the Evil Twin might be “Starbuck.”

Malware distribution, where flaws in device software are exploited and malware or spyware is inserted in your device.

“Snooping and sniffing” – criminals use devices and software to “eavesdrop” on your communications, collecting information from emails and even the hard drive. This could mean gaining access to IDs, passwords, and financial accounts.

There are some steps you can take to provide a degree of security, but know that there is no such thing as “zero vulnerability.” Begin by updating the system software on your devices. Apple and Microsoft build a degree of protection into their operating systems (yes, Windows XP was a great program, but it is long past its prime). Bite the bullet and purchase malware protection, and keep it up to date; it’s a type of insurance policy. Also, encrypt your online communications by purchasing a virtual private network (VPN) license. When traveling, be certain that file sharing is inactive. Be sure that the websites you visit have active encryption. Look for the icon of a padlock or the letters “https” in the URL or search line that displays web addresses.

There is one way to practically eliminate the threat of hacking while on the road: don’t use the free WiFi. Instead, create your own WiFi network by enabling a “hot spot” on your smart phone or cellular-connected tablet. This approach eliminates the threats posed by open WiFi networks, but consumes data on your connected device.

Finally, if you discover your device and communications have been compromised, take immediate action to recover. Change passwords on all accounts that may have been exposed. Review the settings in your internet account, and check to see if your mail is being forwarded to an unknown person. Report the incident to the Federal Trade Commission at www.reportfraud.ftc.gov. If you have questions or comments about this article, email egreenblott@aarp.org.

 

Written by Elliott Greenblott, a retired educator and coordinator of the AARP Vermont Fraud Watch Network. He hosts a CATV program, “Mr. Scammer,” produced and distributed by GNAT-TV in Sunderland, Vt., www.gnat-tv.org.

Back To Top