We all love connecting to free public Wi-Fi, whether we are in the library, coffee shops or in a restaurant. After all, it’s free, easy to access and can save your data allowance, so you won’t have to worry about receiving an expensive phone bill.
Little do you know that just as much as you love free public Wi-Fi, so do hackers. A stranger could know your full name, your birthplace, the schools and colleges you attended and worst of all, your recent search history.
Hackers have found ways to access your private data through unprotected public Wi-Fi’s, and can potentially steal your identity. Once your identity is stolen, you’d be amazed at what they can do with it. They can either sell it on the dark web or apply for bank loans, credit cards and claim government benefits, in which will ruin you financially. The possibilities are endless with identity theft.
Take for instance a couple of years ago, hackers could login on your Facebook account if you were on the same Wi-Fi network as they were using. They’d view all of your messages and private pictures, and could even post statuses.
According to the US Bureau of Justice, in a 2012 study they found that identity theft victim’s financial losses totaled at a whopping $24.7 billion. This is over $10 billion more than other losses attributed to other property crimes such as motor theft, household burglary and property theft combined.
In this article, we will explore the ways in which hackers steal your information, and share simple solutions to protect yourself from the vast majority of their hacks and their strategies.
How do hackers steal your information on public Wi-Fi?
Hackers steal information by preying on easy/weak passwords or unprotected networks. Most of these public connections have either shared passwords or are totally unsecured with no passwords at all. Unsecured connections are an easy target for hackers and public Wi-Fi is a heaven for them.
The way they hack is by looking at the information of the websites you visit. They do this with no effort at all. Of course, you connect to the Wi-Fi to use your social media accounts, shop online or do other things, while someone is on the same network stealing all of your sensitive data.
Here’s 3 common methods in which hackers use to steal your identity.
1. The man in the middle
The man in the middle is a very common attack and most public Wi-Fis are vulnerable to it. MITM is common because it’s simple and requires no effort at all. Hackers using MITM attacks can see the information that’s going to and from your device. They can also intercept and change any communication between your device and the website, since the data transmitted is generally unencrypted. Moreover, the hijacker can then present you with a fake version of a website to display to you to steal more of your passwords and usernames.
Obviously, the worrying part is when you are using online banking or exchanging any types of payment details online or over emails. The uninvited hijacker can sniff those information and steal all of it.
2. Packet sniffing
Scammers can use special types of software called “packet sniffers” to collect victims’ airborne data and then analyze it later on at their convenient. A packet sniffer can capture all types of data that passes through a network. An unencrypted network can be easily read by a free packet sniffing software such as Wireshark. The software is totally free and even has “how to” guides, which teaches you how to use it properly.
Generally speaking, packet sniffers are used by network and system administrators to monitor and troubleshoot any network traffic and to find vulnerabilities that need patching, thus making them legal to download and use. Ironically, hackers can use this software to their advantage and obtain plenty of data that they later can scan; looking for sensitive information at their leisure.
3. The evil twin
The evil twin is basically a fake Wi-Fi connection and is a variation of the MITM attacks. Using this attack, hackers can set up fake Wi-Fi hot spots waiting for you to connect your device. Once you innocently connect to this fake Wi-Fi, you will fall into the hacker’s trap. The hijacker can then see and collect any data that is being transferred over the network. Some hijackers use advanced techniques in which they lure your device into automatically connecting to their fake Wi-Fi connection. They do this by broadcasting fake information such as fake credentials that matches the routers you have connected to in the past.
The evil twin is fairly easy to set up. Cyber criminals can easily set up a fake access point (AP), by using any device with internet capabilities such as a smartphone. They setup an AP with a genuine hot-spot name like “free public internet or free Wi-Fi”. After the victim connects to the network, any data that is being transmitted goes straight to the hacker.
How to protect yourself from hackers
Some public Wi-Fi (like McDonald’s) requires you to login to use their Wi-Fi. However, that doesn’t mean it’s safe. Rather, they force you to login so that the provider can either identify you in case they might charge you, or to get your email address to send you advertisements of their products. Here are some tips to protect yourself from these attacks.
Use VPN to encrypt your data
VPN stands for Virtual Private Network. It acts as a middleman between the connection of your device and the internet. This connection is encrypted, thus hackers trying to use MITM attacks can not decrypt the information. Even if they did, they’d have to go through countless hours and energy trying to decode the data.
VPNs are also resistant against packet sniffing attacks. VPN packets are encrypted so that no hacker is able to read them. Each data packet that is sent between your device and the VPN server is encrypted, making it impossible for anyone to read.
Luckily, there are heaps of free VPN services that you can use on your computer or smartphone. There are also cheap VPN services that provide better protection.
However, if your device is compromised by malware, then a VPN might not protect you from scammers. For example, if your device is already infected with malware or key-loggers then a VPN won’t do much to protect your data.
Tether your internet connection
It’s best to spend couple of dollars a month to get a high data plan than be a victim of an identity theft. The best protection against these attacks is to use your own private connection, since hackers can find it more difficult to break into. But again, data plans might be a bit pricey depending on where you live. So use what is best and worthy for you.
Surf the net with caution
It maybe obvious to most but many people have fallen victims to very common scams. Use the internet with common sense and don’t click on any ads. Always be cautious when connecting to public hot spots. If something sounds too good to be true then it probably is. Avoid clicking on any links that look too dodgy. If you have to use your social accounts or bank online then use your mobile data rather than a public Wi-Fi. If you have no choice or have maxed out your data plan then use a VPN on public Wi-Fi.
Avoid unencrypted websites
Like I said before, the best defense against peering eyes is encryption. If you are using online banking or Facebook then make sure the site uses an encrypted connection. You can tell if a website uses encryption or not by looking at the address bar. If you see HTTPS (S stands for “Secure”) then your connection is encrypted. Also, if your browser warns you about a website not being genuine then please do take it seriously. Browsers have become more secure and can block dangerous websites.
Remember, all e-commerce websites such as PayPal, eBay and Amazon have their own encryption techniques. Thus, make sure these sites use the HTTPS, ie (https://www.facebook.com/), so that you know it’s a genuine website and not a fake one.
Use two-factor authentication
Another step you can take to stay extra safe is to turn on “two-factor authentication” for all of your web services. Two-factor authentication is a great layer of defense and works well with VPNs. The way it works is every time you try to login, the website will send you a text message to your phone with a code that you need to enter into the website, in addition to your password. This way, even if a hacker gets your passwords they won’t be able to login, since they don’t have your phone.
Always take precautions and take your online safety very seriously. Don’t just connect to any free Wi-Fi or use any computer to login to your social accounts. Identity theft is very common and you won’t be laughing once you find out someone has all of your life’s most sensitive information on their computer.
I hope you found this helpful. Let us know your thoughts on identity theft in the comment section below.