Wi-Fi Warning: Free Hot Spots Are Vulnerable

By Dana Neuts

Did you know that using public Wi-Fi to access your bank account online or make credit card purchases can put your personal information at risk for fraud?

Nearly half of all Internet users in Washington failed a quiz about online and wireless security, according to “Shady Signals,” a new report by AARP.

“The availability of free Wi-Fi at just about every coffee shop, hotel or public gathering place offers limitless surfing possibilities for online users on the go,” said Doug Shadel, AARP state director. “We’re often trading our own data security for that convenience, and our report shows Washingtonians are ill-prepared to meet the challenges of sophisticated con artists and hackers.”

With 73 percent of Washington adults using the Internet every day and 25 percent using free Wi-Fi at least once a week, personal information is at greater risk of being stolen by hackers, and most victims will never know how their data was taken.

To combat the problem, AARP has partnered with the Washington attorney general’s office, Microsoft and the Federal Trade Commission to create a Cyber Safety campaign. Launched in May, the campaign includes a series of educational videos featuring Shadel and online security expert Andrew Becherer, technical vice president of NCC Group, a security consulting firm.

Trust a hot spot?
The videos describe specific online vulnerabilities. A “man-in-the-middle” attack, for example, occurs on public Wi-Fi when a hacker inserts himself between two parties and impersonates both sides of an exchange, collecting personal data.

An “evil twin” is a Wi-Fi access point created by a hacker that looks legitimate but is used to steal personal information.

“The problem of Wi-Fi ‘insecurity’ is more prevalent with the growing popularity of smartphones and laptop computers,” Becherer said. But it may be difficult to determine if a Wi-Fi hot spot is trustworthy.

“Users place a high degree of trust in a network operator when they connect to the Internet in a public place,” he said. “With direct network access to a user’s computer, criminals have a number of avenues to compromise user accounts.”

Four out of five adults 50 and older access the Internet daily, and they tend to be more conservative in their online activities than younger adults, Becherer said. But “older users frequently have the most to lose, given the decades they have had to accumulate assets.”

Users can take some simple measures to protect themselves and their personal information:

• Use good password hygiene. Choose complex passwords with letters, numbers and symbols, and use a different password for each account. Change passwords every three months.
• Use devices and software that are currently supported and regularly updated with patches from the manufacturer. Users are at greater risk when they use outdated software like that used on the first-generation iPad.
• Do not trust public Wi-Fi networks for financial transactions, even if the website uses the security prefix “https.” Instead, do your online banking and shopping at home on a secure network.
• Disable your wireless connection to prevent unauthorized access if you are in a location with a public Wi-Fi network, even if you are not on the Internet.
• Put a passcode on your smartphone.
• Use WPA2 wireless data encryption on your home network.

 

To help you learn more about keeping your personal data safe, AARP is hosting programs with security experts on Oct. 7 in Kennewick and Oct. 8 in Yakima. Other free AARP Fraud Watch Network presentations are also planned. Go to aarp.org/wa for information and to register.

If you are the victim of a cyber attack, file a complaint with the state attorney general’s office at atg.wa.gov/file-complaint.

Dana Neuts is a writer living in Seattle.