What is a Man-in-the-Middle Attack?
A man-in-the-middle attack occurs when a cybercriminal secretly intercepts and possibly alters the communication between two parties, such as a user and a website. The attacker essentially “sits in the middle,” eavesdropping on and potentially manipulating the exchange to steal sensitive information like passwords, credit card numbers, and other personal data.
There are several types of MITM attacks. Some are technical, such as IP spoofing and session hijacking, and target organizations and websites with lax or hacked cybersecurity protocols. Wi-Fi eavesdropping, however, is a common form of attack that targets users directly by taking advantage of people’s tendency to latch onto any Wi-Fi network they can find. Fortunately, users can avoid falling for this kind of attack if they exercise a bit of caution.
The Dangers of Fake or Compromised Wi-Fi Networks
Among the various MITM attack methods, fake or compromised Wi-Fi networks are particularly dangerous and prevalent. In the first instance, cybercriminals can set up fake networks in public places, such as airports, cafes, hotel lobbies, or even parks, with names that appear legitimate. (For clarity, the Wi-Fi network itself isn’t fake in the sense that it will work by connecting you to the internet; what’s fake is the network’s identification as one provided by a legitimate entity like a café, airport or hotel.) End users think they are connected to the real local Wi-Fi network, whereas they are connecting to an impersonated network that can control and manipulate any network traffic that goes through it.
Unsuspecting users connect to these networks, not realizing they’ve walked right into a trap. A similar scenario can happen to a legitimate Wi-Fi network that’s unsecured or poorly secured. Such networks can be hacked by cybercriminals who can install their software to eavesdrop upon or take over traffic.
Once you’ve connected, the attacker can monitor everything you do online, from browsing social media to logging into your bank account. They can capture keystrokes, steal credentials, and intercept sensitive communications, all without your knowledge. The attacker can also present users with fake replicas of websites, which could lead to the installation of malicious software made to appear legitimate.
A Case in Point: A Vacation Gone Wrong
Imagine this scenario: You’re on a relaxing vacation at a sunny destination. During a lazy afternoon by the pool, you remember you didn’t process some electronic fund transfers for your small business before leaving. You connect to the hotel’s free Wi-Fi network, “Hotel Guest Wi-Fi,” or so you think. What you don’t realize is that the Wi-Fi network you’ve connected to was set up by a cybercriminal who is also staying at the hotel.
As you log into your bank account, your username and password are captured, along with any other sensitive information you enter. The attacker now has access to your account, and you’re none the wiser until it’s too late.
Protecting Yourself from MITM Attacks
The best defense against MITM attacks involving fake Wi-Fi networks is to avoid using public Wi-Fi for sensitive transactions. If you must connect, take the following precautions:
- Use Trusted Networks: If you’re staying at a reputable hotel, its Wi-Fi is likely secure, but don’t take it for granted. Always confirm the network name with the front desk to ensure you’re connecting to the correct one.
- Enable a VPN: A Virtual Private Network (VPN) encrypts your internet traffic, making it much more difficult for attackers to intercept your data. A VPN is an essential tool if you need to use public Wi-Fi. If you don’t know how to set up a VPN, talk to your IT provider; there are also plenty of online resources on how to create a VPN profile, including this article from Microsoft.
- Look for HTTPS: When entering sensitive information, ensure the website uses HTTPS, not HTTP. This is often indicated by a padlock icon in your browser’s address bar. The padlock and “S” after “HTTP” in the web address mean the site is secure, and your data is encrypted. However, even with HTTPS enabled, an advanced attacker could use a proxy to impersonate legitimate websites, so don’t rely on this method alone.
- Disable Auto-Connect: Many devices automatically connect to the nearest Wi-Fi network that you have previously connected to. Turn off this feature to maintain greater control and awareness over which networks you connect to. Be cautious when connecting to unfamiliar networks.
- Limit Public Wi-Fi Use: Avoid using public Wi-Fi altogether whenever possible. Instead, use your mobile data or a personal hotspot, which is generally more secure.
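As an added example (not part of the original article), the following Python check applies the "Use Trusted Networks" precaution to a list of nearby networks: it flags access points that imitate the network name confirmed with the front desk. The scan records, field names, and the `audit_scan` function are assumptions made for illustration, and the sample data is constructed.

```python
import unicodedata

# Constructed sample scan results (not real networks).
SAMPLE_SCAN = [
    {"ssid": "Hotel Guest Wi-Fi", "bssid": "02:00:00:aa:00:01", "security": "WPA2"},
    {"ssid": "Hotel Guest Wi-Fi", "bssid": "02:00:00:aa:00:02", "security": "WPA2"},
    {"ssid": "Hotel Guest Wi-Fi", "bssid": "02:00:00:bb:00:99", "security": "OPEN"},
    {"ssid": "Hotel Guest WiFi ", "bssid": "02:00:00:cc:00:10", "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "02:00:00:dd:00:01", "security": "WPA2"},
]


def normalize(ssid):
    """Fold case and drop spaces/punctuation so lookalike names compare equal."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def audit_scan(scan, expected_ssid, expected_security, known_bssids=()):
    """Return (bssid, reason) pairs for networks imitating the expected one.

    expected_ssid / expected_security: what the venue staff confirmed.
    known_bssids: optional access-point addresses the venue lists as its own.
    """
    known = {b.lower() for b in known_bssids}
    target = normalize(expected_ssid)
    findings = []
    for ap in scan:
        if normalize(ap["ssid"]) != target:
            continue  # unrelated network name
        bssid = ap["bssid"].lower()
        if ap["ssid"] != expected_ssid:
            findings.append((bssid, "lookalike name"))
        elif ap["security"] != expected_security:
            findings.append((bssid, "security mismatch"))
        elif known and bssid not in known:
            findings.append((bssid, "unknown access point"))
    return findings


if __name__ == "__main__":
    for bssid, reason in audit_scan(SAMPLE_SCAN, "Hotel Guest Wi-Fi", "WPA2"):
        print(f"{bssid}: {reason}")
```

An empty result does not prove a network is genuine: the name, security type and access-point address can all be copied, so the other precautions in this list still apply.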
Conclusion
Using public Wi-Fi poses a significant threat in today’s digital landscape. By understanding how MITM attacks work and what you can do to protect yourself, you can enjoy the convenience of the internet without falling victim to cybercriminals.