Prevent WiFi Identity Theft – Are You At Risk?

Protect yourself from WiFi hacks

So, you’re one of the lucky ones and you’re about to flit away to soak in the sun. Picture this: the sun is warm, the water is blue, your beer sits perfectly by your feet in manner of a Corona commercial. You’re just about to make everyone jealous on your social network… but as you go to post, an email comes through on the hotel WiFi thanking you for your $1,600 purchase to Music City in Tennessee. WHAT?!

Unfortunately hacking is so common that almost everyone we know has had an experience with it. It’s a difficult mess to clean up when you’re at home, but if it happens to you while you’re out of the country – it can be even harder to deal with, or may take you longer to recognize suspicious activity.

Whatever your plans are this Spring, it’s ALWAYS a good time to visit your online security and increase your knowledge of activity that could make you an easy target.

We’d hate for you to learn through experience, so the following real-life-I-got-hacked-on-holiday-story is sufficiently frightening. It also offers some actionable steps you can take to prevent or mitigate harm caused by a hack.

The above scenario, Corona and all, did unfortunately happen while the victim was overseas. It’s difficult to say with all certainty how the compromise occurred, but the most likely explanation is that the victim’s phone was made vulnerable during multiple log ins to an unsecured airport WiFi. Unsecured networks (those that do not require a password), are dangerous.

Why are unsecured/unencrypted networks dangerous, and how do they expose you? Even a free program like tcpdump can enable capturing of all data sent over a wireless connection; including traffic going to and from your computer. This info can be viewed immediately or later on – one of the reasons it can be tough to pinpoint how and when you were hacked.

Passwords and usernames can be captured, and spyware can be downloaded to your device remotely, including key loggers which will acquire your passwords. Take note: don’t risk connecting on unsecured networks.

Websites with the ‘lock’ https symbol are the safest to visit.

In this case study, it’s plausible that while checking their email or PayPal account, the hacker was granted access. The attacker then had the victim’s email bombarded with spam to make any notifications difficult to spot. Imagine receiving 500 spam emails at once. That should strike you as highly suspicious.

Another method hackers may use is ‘scare ware’. You might receive emails from companies appearing to be familiar, who alert you to a security compromise and request personal details.

Look carefully at the spellings and @suffixes of emails from companies you think you recognize, and never volunteer any personal details. If you are unsure, shut down, change your passwords and call us. We can run diagnostics to search for malignant software.

This was a legitimate email from PayPal however, and indicated three purchases had already been made. Most people will know this, but after a compromise, notify the companies involved. Alert them to the unauthorized purchases and suspend further activity. Get conformation that your investigation is underway. Save all correspondence.

A lot of us run businesses and rely on mobile devices to stay connected while working remotely. Think carefully here about what information you are responsible for. Basically, if you can access it, so can they. Furthermore, consider whether your employees have access to sensitive information on their mobile devices. Review their security knowledge, access levels and consider if a VPN connection is best.

Business owners who sell a service or product and accept remote payment are vulnerable from customer’s poor security.

In the case we’re reviewing here, the victim’s PayPal account was used to complete three transactions. One hack = four victims experiencing financial loss. You can start to see the extent of damage just one hack can cause. It’s important to observe a ‘herd immunity’ mentality towards online security, as just one hack can disseminate into multiple intrusions.

Lastly, keep in mind that the available balance in your account won’t necessarily cap the amount of spending. If you still have funds available after noticing a hack, move them to a secure location.

We hope this sufficiently motivates you to revisit your online protection. We are here to help you, so call us for help with protecting your data.

Finally, here’s what you can do to be proactive:

  1. Just seriously don’t sign in to an unsecured or unencrypted network – (ones that don’t require a password)
  2. Review all of your online activity to ensure you recognize it
  3. Change your passwords, use different ones on each app you use
  4. Sharing is caring! – make sure your employees are practicing safe surfing if they work remotely
  5. Ask about setting up a VPN if you have others’ sensitive info on your devices
  6. Guard your Apple ID and login like you would your social security number
  7. Notify your bank if you’re leaving the country
  8. Upgrade to the latest OS – it will generally improve security software and guide you through two-step authentication