They say you shouldn’t judge a book by its cover, and the same might be true of WiFi, because anyone can come up with a name that seems convincing and yet is a security nightmare.
Dodgy WiFi is actually a thing, and while leaning on public and seemingly free WiFi seems like it could be trustworthy enough, if you don’t know who is running the internet connection, your data could be at risk.
During major events where tourists become a little more trusting, that can be a huge problem. Technically, it can be an issue for any traveller, whether they’re simply on holiday or away on business, but with major events like the World Cup seeing thousands of people make their way to places, scammers could be eyeing that sense of trust and simply running with it.
We already know criminals are turning World Cup fever into scam central, and research from Express VPN suggests another vector they could cash in on, as dodgy WiFi becomes more difficult to predict.
According to its research of over 6000 football fans across six countries (Australia included), over 60 percent of Australians would trust WiFi networks by name alone, a problem when the name is one of the easiest things to set up for wireless networking.
Much like how the name you apply to your email account isn’t exactly sacred, neither is the Service Set Identifier, also known as the WiFi name. While all devices definitely come with it preset, the WiFi name is one of those things you can easily change.
Most people will change it to something familiar, while others may want to be a little more dubious, and change it to something entirely to ensnare the unsuspecting. That could cover similar names to a venue, such as “MCG_Stadium_WiFi” and “MCG_Melbourne_WiFi”, and others much like that.
Working out which one is legitimate is next to impossible by glance alone, yet over half of Aussies saying they would trust the network if it appeared to come from a hotel, an airline, or a stadium. Despite this, one third of Australians said they could work out the difference between a real WiFi and a less legitimate option, and when connected, will use it for a variety of things, whether it’s social media, email, banking, or shopping.
The problem is knowing whether something is real or not is difficult, and often doesn’t come until after something has happened.
When data passes over a risky network, the WiFi operator may already have access to the details, even if you haven’t touched a dodgy or scammy website.
It shouldn’t be surprising that ExpressVPN covered this research; aside for World Cup fever exposing more people to wireless networks while travelling, using a virtual private network (VPN) can essential mask your data, creating a tunnel and appearing like meaningless data to anyone trying to peek in.
“When you connect to public Wi-Fi your data travels across a shared network that anyone else on that network can potentially see,” said Aaron Engel, Chief Information Security Officer at Express VPN.
“Without a VPN, your login credentials, banking details, emails and personal information are potentially travelling in plain sight. A cybercriminal on the same network can intercept that traffic, capture your passwords as you type them, or redirect you to a fake login page without you realising anything has happened,” he said.
While VPNs are potentially a solution to using public WiFi, they may not be the ultimate cure. Yes, you can connect to a public WiFi, run a VPN, and feel as if you’re a little safer because the scammer and criminal won’t be able to look at your data and use it.
But it’s also worth keeping in mind solid internet hygiene, and only rely on public networks when you’re sure of the network ID, such as when it has actually been supplied by a venue, a business, or a home where you know someone.
Alternatively, using your own mobile connection tends to be the safest approach, and while travelling can make it more expensive to do this, it does at least mean your data is specific only to you and the places you visit.
A VPN can boost the security here, too, but it may not be as necessary, unless you’re trying to access something specifically from inside your country and working remotely.
