We’ve all been there. It’s been a long day, and we finally get a chance to use our devices and look for Wi-Fi. Good news: You’ve found one that doesn’t require a password! Free Wi-Fi saves the day. You click to accept and head to your favorite website to watch kitten videos.
There’s just one problem: what if that free WiFi was a trap? One of the most clever phishing scams out there right now is built on the lure of free WiFi using rogue access points, and it has enough variations to stay ahead of the security teams at Apple, Samsung, Microsoft, and our own security for one simple reason: The soft spot in your security is you.
Here’s how phishing on rogue access points works: The scammer will set up a wireless router offering free Internet, often marked “Free WiFi,” “ATT WiFi,” or “Starbucks.” Would you be suspicious of those networks? Many people just look for the strongest “free” network, while most of the rest of us look for a name we trust. How paranoid do you have to be to not connect to Starbucks WiFi at the mall? Once you connect, though, they have a variety of ways to get any information they want off your phone or laptop.
Even scarier, some scammers are using programs that tell your phone that the name of the free wireless available from the scammer’s router is whatever name your phone is looking for, so it can even connect automatically while in your pocket. You can get phished over your phone just by walking in the wrong area.
Once you’re on their network, they have a variety of ways to steal your info, from just grabbing your session cookies to using keystroke monitors to get logins and passwords, to the traditional phishing technique of creating dummy sites that look like Facebook or major credit card websites to prompt you for your info.
Here’s what you can do to stay safe:
Turn off your WiFi unless you’re at home or work.
Yes, the only thing worse than mobile network data speed is mobile data network pricing, or maybe mobile network customer service. Unfortunately, all that WiFi you grab every day can be dangerous. Even if you’re not running into rogue access points, you’ve still got to hope that the coffee shop or burger joint actually pays attention to the security of their wireless router, which few even think to do. Even those businesses that do think about security rarely spend money on it – rarely are they bringing in a professional. No, they’re asking a minimum wage employee to “take care of it” because “you’re young and good at computers.” On a related note, isn’t it odd that coffee shops don’t spend more time thinking about their WiFi? Isn’t that a core business at this point?
Even then, make sure your home and work WiFi networks are safe.
Endpoint security, like Norton Anti-Virus, is not as effective as it once was, simply because there are so many more points of vulnerability than there were a few years back. We’ll have an extended look at securing your WiFi network in a future installment, but for today, set up your password with WPA2 Enterprise encryption. If your router does not support it, it’s time for a new router.
Rename your home network something like “This Public WiFi is UNSAFE.”
It might sound weird, but if a scammer tries to use software to tell your phone the name of his network is the same as your home network, your phone will tell you it’s connected to “This Public WiFi is UNSAFE” and you can get off of it.
Apps are your friend.
Most apps, including ours, use HTTPS security, rather than HTTP. This can actually stop some of the tactics many scammers use. Remember, they don’t want to beat the best security; they want to do as little work as possible and beat those unwary souls who rely on the worst security. A simple step up is enough to keep many scammers at bay.
Get an app that prevents rogue access.
Depending on your operating system (OS), you have different options but search your app store. It’s worth the trouble and $4.99.
Like what you read? Join our e-mail list!