While public Wi-Fi networks (or Wi Fi “hotspots”) offer free and convenient access to the Internet in public spaces, other network users may be able to watch your activity online and obtain your passwords and account information, putting you at risk of theft or identity theft.
How Can Someone Get My Information Using Public Wi-Fi Networks? Criminals can use software from the Internet to monitor your web browsing activity and view anything that appears on your device’s screen while using the public Wi-Fi network. In addition, hackers may use public Wi-Fi networks to remotely access people’s smartphones, tablets and computers to install malware or spyware that can transmit information from the device directly to the hacker.
What Information is at Risk? Almost everything on your device, from user names, passwords, and e mail addresses to the apps installed, credit card and bank account information, Social Security numbers, and birth dates can be vulnerable. If a hacker acquires your account credentials (user name and password), this information may be used to steal additional information or money from your accounts.
WHAT CAN I DO TO PROTECT MYSELF?
Use the Most Secure Network Available. If you use a public Wi Fi network, choose the most secure network available. If you aren’t sure whether the network is secure, ask an employee. Common secure network types include WEP, WPA, and WPA2 (the strongest). Even encrypted networks aren’t a guarantee that your device will be safe while using the network, however, as some hackers may be able to bypass a secure network’s encryption methods.
Use Encrypted Websites. If you send personal information through a website using a public Wi Fi network, make sure the website is encrypted (encryption converts the information to jumbled code that reverts back to its original state once it reaches its destination). You can determine if a website is encrypted by looking at the web address. If it begins with “https,” then it is encrypted (the “s” stands for “secure”).
Check for encryption on every webpage where you send or receive information—even within the same website—as some pages may be encrypted while others are not.
Log-out Immediately After Use. If you log-in to an account using a public Wi-Fi network, sign out as soon as you are done using the account. Otherwise, someone could access your account long after you were accessing it.
Protect Your Device. Keep your software up-to-date and never turn your firewall off. Your device will notify you when an update is available. Install anti-spyware/anti-malware software (there are several reputable products available online for free or with free trial periods).
Identify any public Wi-Fi network that you connect to as a “Public Network” and turn off file sharing on your computer. Consider disabling your wireless connection if you are using your device in a place with a public Wi-Fi network and do not need Internet access.
Look into using a virtual private network (“VPN”), or other add-ons or plug-ins which encrypt information between your device and the Internet.
A Word On Mobile Phones and Apps. Since mobile apps may have limited or no encryption, it can be best to avoid using them to relay important information on a public Wi-Fi network. If you have to use a mobile app to send sensitive information, only use networks you know are secure or a 3G or 4G network. Some smart phones have a feature that automatically connects them to any available network. Turn off this feature in the phone’s settings, or turn the phone to “airplane mode.”
Steps to Take if Your Online Account is Hacked. You might not realize your online account was hacked right away. Once you discover the intrusion, however, take the following steps:
1. Change your password immediately. Hackers may change your password, preventing you from accessing your account. If you are unable to access your account, contact the website directly and it can assist you in restoring your account.
2. Contact your bank or credit card companies immediately and let them know your account may be compromised. Monitor the activity on the account for any fraudulent transactions (in some cases, hackers may not use your information right away, so it can be helpful to regularly monitor your account).
3. Contact your friends and family to let them know your account has been hacked. Hackers may try to gain access to your e-mail contact list and send e mails from your account purporting to be from you. Notifying family and friends that your account has been compromised may help protect them from hackers.
Lori Swanson is the Attorney General for the State of Minnesota,