Public Wi-Fi a risk
ESET says people should exercise caution when accessing Wi-Fi in spaces such as airports, as increasing numbers of users risk having sensitive personal information captured whilst using free Wi-Fi.
The security software firm says logging in to check bank balances, shopping online or sending e-mails all mean computers have to send login information across the network – a goldmine scammers look for.
"Sitting in an airport is the ideal time to grab your laptop and send out a couple e-mails using a free Wi-Fi hotspot. You connect and send, and are off on your way. What you don't know is that the free Wi-Fi may come with a price: your login credentials and network traffic being sniffed and captured before sending them along to the real Wi-Fi hotspot, and your information stolen en route, undetected," says Carey van Vlaanderen, CEO of ESET Southern Africa.
According to the findings of the Online Security Brand Tracker, a global research project commissioned by ESET, carried out by InSites Consulting (April-May 2011) and with analysis conducted by United Consultants, almost half of users worldwide connect to the internet using portable devices as their primary connection device, with notebooks being the most popular (41%), followed by netbooks (3%), smartphones (2%) and tablets (1%).
"Hotspots with unrecognisable names or ones that closely resemble the name of the official one should raise immediate flags of awareness. Be especially wary of 'unsecured' hotspots, ones where you don't need to enter a password to gain access."
"The magic happens through a proxy technology, which intercepts your Wi-Fi communication, captures and stores a copy locally on the scammer's laptop, then sends your information on to a 'real' Wi-Fi hotspot. This will slow down your traffic a little, but with congested networks, it is often hard to tell if your traffic's being snooped, or if there are just many users logging in at the same time," says van Vlaanderen.
ESET warns users that whenever you shop online, log in to check your bank balance or catch up on e-mails, your computer has to send the login information across the network, which is a goldmine scammers look for. Normally, if you log in to a bank website, you'll see the bank address beginning with "https" rather than "http", which means the traffic is encrypted. If the scammers succeed in capturing your encrypted credentials, they can still run a program later in an attempt to get to your credentials.
"So, if the criminals get their hands on the information, they have all the time in the world to work on decrypting it, and you may notice fraudulent account activity days or even weeks later. Use caution and pay attention to details when using public Wi-Fi," concludes van Vlaanderen.
ESET cautions users to be aware of the following security threats whilst using free Wi-Fi:
- Evil twin login interception: networks set up by hackers to resemble legitimate Wi-Fi hotspots.
- 0-day OS/app attack attempts: an attack through a previously unknown exploit.
- Sniffing: computer software or hardware that can intercept and log traffic passing over a network.
- Data leakage (man-in-the-middle attack): a cyber-criminal can modify network traffic and let you think you are dealing with your bank while, in reality, you are sending him all your credentials.