How do you stay safe on public WiFi? And what, exactly, is WiFi spoofing? Let's talk about it.
WiFi spoofing is where someone drops a device in proximity to a known wireless network, like at a Starbucks, a restaurant, a hotel lobby, or a convention. That device broadcasts the same ID as the WiFi that's being provided by the establishment.
If you mistakenly connect to that WiFi as opposed to the other WiFi, everything that you do on the internet from that point on is being monitored and recorded. And when you log onto your bank with your username and password, for example, they get the username and password to your bank.
This is really easy to do and it's very common. There are small devices called Raspberry Pis. They're a little board that can be battery-operated. You can program it to be a WiFi access point, and put it in a paper bag, throw it in a trash can, stick it under the moss in a potted plant, or stick it under a couch anywhere in a public area, and it can stay there undetected.
This is really common in trade shows and convention centers and hotel lobbies. The major hotels broadcast the same SSID.
And when you come in, connect to the internet, and open up your Outlook, your Outlook sends your username and password across the wire. Now they've captured it. Then you go check your bank, and your bank name and your username and password get sent across the wire.
How Does WiFi Spoofing Work?
When you connect to a wireless network, it’s your gateway to the internet. And you won't necessarily know that you're being watched or that the data is being recorded. In many cases, it'll just direct you to a bogus login page.
If you log in to Bank of America, for example, it'll deliver you to a Bank of America page. Then you type in your username and password, but it doesn't work because it's not sending it to Bank of America. So you try it again. And that verifies your username and password for the bad actor. Now they know exactly what your credentials are, so they can log into that site.
What Should I Do Instead of Using Public WiFi?
The way around this is to not use public WiFi unless you know it's safe. The safest way is to use your phone as a hotspot.
Instead of using the public WiFi in Starbucks or the hotel lobby, connect to your phone and use that as your internet gateway. Or wait until you're in your room in a hotel. In the room in your hotel, you have to put in your last name and your room number. You have to be a registered guest, which offers an additional level of security.
Lots of times, people walk into a building and the first thing they ask for is the WiFi information. Maybe they want to save money and not use their Verizon or their T-Mobile service, but they connect to the WiFi. And that's the least secure thing you can do.
Remember that you should use your phone as a hotspot. Also, even on an airplane, you can subscribe to an internet service while you're on the airplane. Just be aware of what you're doing.
Also, do you really need to check your American Express account or log into your bank while you're sitting on an airplane? Honestly, you probably don't.
It’s essential to be aware of what you're doing and what network you're connected to.
Cybersecurity & WiFi Spoofing Prevention Tips
Another great way to stay safe is to subscribe to our security tips. Go to cybertrust-it.com to sign up for our weekly email security tips.
Those tips cover subjects like spoofing WiFi, how to set a secure password, and how to be responsible when you’re using mobile devices in public. You can also sign up for a complimentary cybersecurity assessment on our website.
What if you do fall victim to WiFi spoofing and your email or your bank credentials have been compromised? If you work with CyberTrust IT Solutions, we have a process that we go through to heighten the cybersecurity on your network.
We use the same process for our clients that we use on our network, and we have cybersecurity insurance in place. Our insurance company allows us to extend that coverage to you.
By definition, their agreement is that we manage your network the way we manage our network. That makes it easy for you to get the cybersecurity policy. So if something happens to you like wire transfer fraud, because your bank credentials have been given away, then you would be covered by that policy.