Public Wi-Fi: Are You Getting a Side of Identity Theft with Your Latte?

Image Not Available

As a freelance writer, I have a number of offices. One is in the library. Another is in our local coffee shop. Sometimes, my office is even in the doctor’s waiting room.

Yes, thanks to my laptop and the power of public Wi-Fi networks, virtually anywhere I go can be transformed into a temporary office. But is that really smart?

The Federal Trade Commission recently issued a consumer warning about compromised Wi-Fi systems at hotels. In some situations, visitors were getting a pop-up for a software update when logging on for the first time. They assume it’s part of the hotel’s Wi-Fi system, click OK and inadvertently load software from hackers, not the hotel.

But what about those of us who aren’t clicking boxes and downloading files? What about those of us who are simply checking our email while our kids play at McDonald’s? Are we at risk, too?

To find out, I contacted a security expert. He told me public Wi-Fi may put your information at risk, but there are ways to minimize threats while working on the go.

Convenience comes at a cost

Andrew Gavin is an executive consultant with Global Consulting and Integration Services at Verizon Enterprise Solutions. He says that what makes public Wi-Fi networks so convenient to customers also makes them attractive for attackers.

“Since most public Wi-Fi networks are not encrypted… attackers can passively monitor [consumer] communications from several hundred feet away if no additional encryption, such as HTTPS, is used,” he explains.

In other words, websites with addresses starting with the standard HTTP are simply sending your data through cyberspace unprotected. It’s like sending a postcard rather than a letter. Anyone who sees your postcard can easily read the information on it.

Now, if the website address says HTTPS, you get the added security of encryption, but even that is no guarantee. Going back to our mail analogy, if you send a letter, what you write is more protected, but people can still get to it if they are motivated. Plus, some sites use a combination of HTTPS and HTTP pages, which could be problematic.

“Even if consumers use public Wi-Fi to access a sensitive site secured by HTTPS, that site could be misconfigured,” Gavin says, “and, as a result, leak sensitive information over any insecure HTTP page download that attackers could capture.”

No way to know where attackers are lurking

If you think there are telltale signs that will give away when an attacker is lurking nearby, think again.

“There is no way for an average user to determine if a public Wi-Fi network has been compromised or is being monitored by attackers,” says Gavin. “Most attacks are passive, meaning that attackers can simply lurk in the background and listen to or capture any insecure communications done over the public Wi-Fi network.”

And don’t count on being able to spot a shady character in the corner either. Gavin notes attackers can be several hundred feet away and may not even be in the same building as you.

“When I use public Wi-Fi hotspots, I always assume somebody else is watching what I am doing,” he says.

As a result, your best bet is to avoid doing anything beyond basic browsing and window shopping when logged into a public system. And that’s a bit of a bummer to hear, especially if you rely on public networks, as I do, to work on the go.

Fortunately, Gavin has some advice on that, too.

How to safely connect to the Internet away from home

The easiest option, for those of you with a cell phone and a data plan, is to tether your phone to your computer or use it as a mobile hotspot. Then, rather than using the public Wi-Fi network, you can access the Internet through your data plan’s connection.

Thanks to a 2012 FCC settlement, those of you who pay for a set amount of data each month should be able to tether your phone for free and use that data. If you’re grandfathered into one of the old unlimited plans, you may have to pay to use your phone as a mobile hotspot. That’s the situation I find myself in, and I need to shell out $30 a month for 4GB of data if I want to use my phone as a hotspot. However, it may be money well spent if it prevents someone from stealing my passwords and other sensitive information.

“Using a mobile phone as a hotspot, as long as encryption is used, is a lot safer than using public Wi-Fi,” Gavin says. “If people want to use their phones as hotspots, they should ensure they are using “WPA2-PSK” encryption with a password consisting of a mix of letters, numbers, and special characters. If secured correctly, mobile phone hotspots are much more difficult for attackers to compromise and monitor than public Wi-Fi hotspots.”

The other option is to create a virtual private network, known as a VPN. A VPN is how businesses keep their data safe when remote workers login, and it can give you an added layer of protection when using a public Wi-Fi network. If you’re all about learning the technical details, head to this article from PCWorld. Or if you just want to know where to get a VPN, you can read reviews at PC Magazine.

Public Wi-Fi systems can be a boon to productivity, but before you start swapping sensitive information over the Internet in the library or the coffee shop, take a cue from the experts. Make sure you’re not accidentally handing over all your passwords and personal information to the bad guys.

Are you part of the workforce that occupies coffee shops and public spaces? Let us know how you handle your security concerns while connected to the Internet in the comments section below or on our Facebook page.

Among the hazards we all face in the digitally connected world is identity theft. Watch the video below to learn ways to minimize the risk that you will be a victim of this increasingly common threat.

Disclosure: The information you read here is always objective. However, we sometimes receive compensation when you click links within our stories.