If you’re one of the innocents who still believes your sensitive information is secure at WiFi hotspots, a new article in the Journal of Forensic & Investigative Accounting (JFIA) might lead you to stop and think before you connect. In “Wi-Fi Hotspots: Secure or Ripe for Fraud?” authors Richard G. Brody, Kyle Gonzales, and Dustin Oldham conduct an exhaustive examination of the threats connected with using WiFi hotspots. Their conclusion: “The amount of traffic and lack of security inherent in public wireless hotspots create a perfect environment for individuals to commit fraudulent activities.”
The authors point to the vast amount of sensitive information that’s transmitted over unsecure WiFi networks – everything from log-in credentials to account information and Social Security numbers. And they say the vulnerability of wireless networks is compounded by a very bad online habit many of us share: the tendency to use the same log-in credentials to access multiple accounts.
There are other reasons hotspots are tempting targets, according to the JFIA article: “Public WiFi hacking doesn’t require any face-to-face interaction between the fraudster and the victim.” They cite the subject of Private WiFi’s blog Fast, Free and Out of Control as a case in point. In 2012, we reported that the Better Business Bureau in Charlotte, North Carolina received complaints from identity fraud victims who had been hacked after they connected to WiFi at the local airport. The victims had no idea their information had been stolen from their laptops until they accessed their bank and credit card accounts. That’s generally how it happens with hotspot hacking. Because it’s an anonymous crime, it’s difficult to detect.
To make matters worse, hotspot hacking is often perpetrated, not by lone hackers, but by sophisticated networks of highly skilled people. In other words, the deck is stacked against hotspot users. Their sensitive information is public and free for the taking while the hackers who steal it are invisible. So they’re rarely caught.
Still overall, Brody, Gonzales and Oldham believe that companies and individuals make it too easy for hackers due to their “relaxed attitude about wireless security.” We think “relaxed” is a polite way to describe many hotspot users’ attitude about WiFi security. It’s more like they totally disconnect from the dangers when they connect to hotspots.
An October 2012 Public Wi-Fi Usage Survey conducted by the Identity Theft Resource Center and PRIVATE WiFi found that 79% of respondents said they believed using public WiFi could lead to identity theft. Yet 24% said they had made online purchases while using public WiFi; and 57% admitted to accessing confidential work related information while using a hotspot.
The JFIA article recommends that users should behave as if someone is monitoring their activities when they use WiFi hotspots. That means taking responsibility for their wireless security and following these rules:
- Disable automatic connections to wireless networks
- Avoid connecting to unfamiliar networks
- Use security software and keep it updated
- Use a virtual private network to encrypt online communications
The authors mention that PRIVATE WiFi was created was to make easy-to-use VPN software available to individuals and small businesses. Yet a lot of hotspot users still don’t know what a VPN is or what it does.
A staggering 44% of those who responded to our Public Wi-Fi Usage Survey said they either did not know or did not believe there is a way to protect their data when using a WiFi hotspot.
That means a lot of WiFi users out there need to wake up to the dangers of using unsecure hotspots. The authors of the JFIA article conclude that “Unless hotspot users start encrypting their online traffic, the number of hacking victims will rise along with the number of hotspots.”