WiFi Hotspot Scams

The Tip

Whether you’re vacationing, at a coffee shop, visiting a friend, or waiting in an airport, wifi hotspots are becoming ubiquitous. Sometimes the hotspots will cost a small fee, and other times they are free. In either case, be careful! Frequently, free wifi can be a scam setup by criminals just to see what information they can glean.

The Detail

In broad terms, this is how the scam works:

  • the unsuspecting victim browses their network connections to find a wifi network in the area
  • you find a network called “Free Wifi” or some such thing and decide to connect
  • this free wifi network is not actually a hot spot, but rather a computer-to-computer network that has been setup as a trap
  • while you believe you are using the internet as normal, you are actually browsing through the hacker’s computer, and as a result, they can see everything you are doing online including usernames and passwords

This is an especially big problem if you are doing any online banking or checking email or anything else where you are accessing accounts. Finally, if your device is setup for file-sharing, the attacker can now access all your files and data, and even possibly install spyware or malware on your device.

Beware of the evil-twin.

Sometimes hackers will setup a real hot spot near to a place that offers free wifi. Ask the business you are in if there is a hot spot available and get the name of it. Only connect to that network and if you see two hot spots with the same name, don’t connect to either of them. One of them could be the phoney evil-twin, setup solely to trick you into connecting to it.

The easiest way to protect yourself from these sorts of scams is to be very cautious when using public wifi. If you’re in a place that has a legitimate network for a small fee, use it. It will be worth the peace of mind. If you do choose to connect to a free wifi network, keep the following things in mind;

  • anybody can name a wifi network whatever they want, so even though a free network may have a name that is correct within context (eg: “Pearson Airport Customer WiFi” if in Pearson International Airport) that is no guarantee it is legitimate
  • avoid all financial transactions and online banking if you are not using a network that you know and trust
  • avoid using VPNs or accessing sensitive information when using public wifi
  • use https to access webmail and avoid non-encrypted protocols like http or ftp
  • turn off your computer’s file-sharing capabilities when using public wifi
  • when choosing a wireless network, check out the description and never connect to a ‘computer-to-computer’ network
  • if your device has a firewall, use it

If you have more questions about these topics, please contact UTS and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.