WiFi hotspots are the most popular way for consumers to get online. But they need to be careful about which public WiFi networks they’re connecting to or they could end up having their identities stolen by fraudsters.
“The Fraudsters Playbook,” a soon-to-be-released white paper by the next generation credentials management company Jumio Inc. reveals just how easy it is for identity thieves to steal large amounts of sensitive data from unsuspecting hotspot users.
Connecting to Identity Fraud: How Hackers Trick Hotspot Users
Jumio is warning public WiFi users that one of fraudsters’ most common tricks is to sit in a coffee shop that offers free WiFi and use a laptop to create an Evil Twin – a fake hotspot designed to look like the establishment’s official WiFi hotspot.
When a customer logs into the bogus hotspot which contains malware, the fraudster can access his device sitting just a few feet away or as far away as 350 feet. While the unsuspecting target is online, the hacker gains access to his accounts using password-cracking tools such as Cain and Abel. When the victim leaves the coffee shop — none the wiser — the fraudster moves on to his next victim, methodically collecting the information needed to access his victims’ online banking, shopping, retail, and social media accounts.
A cool afternoon’s take like that at a public WiFi hotspot can yield a treasure trove of data that hackers can be immediately exploit to commit identity fraud. “They sit around coffee shops for half a day and get 50 or so identities with passwords to their targets’ bank accounts and other transactional sites,” says Tony Sales, a convicted fraudster turned fraud prevention consultant who was interviewed by Jumio. “Then it’s time to get back to base and leverage this data and get spending.”
Jumio reminds hotspot users that coffee shops aren’t the only places where identity thieves are waiting to grab your sensitive information:
- Restaurants: Between lunch meetings and interviews, food and drink establishments are magnets for hotspot users trying to get their work done and for fraudsters looking for unsuspecting victims.
- Airports and train stations: The huge number of travelers making the most of their gate times makes them sitting ducks for online fraudsters.
- Libraries and bookstores: Establishments where people go to get work done, connecting to shared networks or even paying bills online, exposing their personal information.
We’ve done stories about identity fraud victims whose personal information was stolen in a hotel hotspot, a coffee shop hotspot, an airplane hotspot, and even in a truck stop hotspot. By now, it’s crystal clear that any place there’s a hotspot, there could be a hacker waiting to steal your sensitive information as soon as you connect.
Jumio isn’t the only organization that’s warned consumers about the dangers lurking at WiFi hotspots. In 2012, the Cloud Security Alliance, a leading industry organization of more than 200 enterprise security professionals worldwide, did a survey that ranked unsecure public WiFi hotspots and rogue WiFi access points among the top mobile computing security threats.
Yet many hotspot users don’t seem to know or care about the risks of exposing their personal information at hotspots. In a 2012 Public Wi-Fi Usage Survey that PRIVATE WiFi conducted with the Identity Theft Resource Center, 79% of those who responded acknowledged that using public WiFi could lead to identity theft. Yet 24% said they had made online purchases while using a public hotspot; and 57% admitted to accessing confidential work related information in a hotspot. Even more shocking, 44% of those surveyed said they either did not know or did not believe there was a way to protect their data at a WiFi hotspot.
The good news is there is a way to protect your sensitive information every time you log into a hotspot. A personal VPN like PRIVATE WiFi sends your data through a secure tunnel that makes it invisible to hackers.
That’s why the FBI, the Federal Trade Commission and the Better Business Bureau recommend using a VPN whenever you’re using public WiFi networks.