FRAUD RESOURCE CENTER
En español | Public gathering spots like coffee shops, grocery stores and airports commonly offer visitors an internet connection via free Wi-Fi networks, and a lot of us take advantage of the access. In a 2018 survey by One World Identity, a strategy firm that focuses on digital identity and security, 4 in 5 U.S. respondents said they use free public Wi-Fi at least occasionally, and a third preferred it to tapping their mobile data service when out and about.
It’s a great modern convenience, but also a risky one. Many public networks lack strong security protections, which makes it easy for tech-savvy scammers to break into them and take advantage of unwary users, especially those who are doing more than just looking up restaurants or checking the weather.
An overwhelming majority of Americans engage in activities on public Wi-Fi that could compromise their personal and financial information, like logging into social media, checking bank accounts, or entering credit card details on shopping sites, according to a 2017 report by cybersecurity company Norton. That kind of behavior increases the risk of identity theft by cybercrooks who exploit public networks’ security gaps to invade your phone, tablet or laptop.
One common trick is the “evil twin” hack: A scammer sets up a Wi-Fi network with a name similar to the one you’re expecting to use, hoping you’ll connect to it. Another ploy is to launch a “man in the middle” attack, where the hacker takes up a position between you and the Wi-Fi access point you’re trying to use so as to intercept your data. Once they get in, hackers aim to steal passwords and credit card information or scan emails in search of sensitive personal data.
That doesn’t mean that you should never use public Wi-Fi, but it pays to be careful and follow some basic precautions.
- A public Wi-Fi network lets you log on without entering a password. That means it probably isn’t secure.
- The network has a generic-sounding name like “Free Public Wi-Fi.”
- You’re asked to pay to use the connection. The Better Business Bureau warns that this may be a scammer trying to get you to enter credit card information so he or she can steal it.
- Do ask the staff at an establishment that offers free Wi-Fi for the exact name of its network, and make sure that’s the one you’re using.
- Do be careful about what you do on public networks. It’s generally OK to browse the web and check news, weather or traffic.
- Do consider tethering your laptop to your phone and using your mobile provider’s data network instead of public Wi-Fi. You may incur charges, but you’ll be more secure.
- Do turn your Wi-Fi and Bluetooth off if you're not using them.
- Do use antivirus software and keep it up to date.
- Do consider signing up for a virtual private network, or VPN, if you travel extensively or use public Wi-Fi often. It will encrypt your data, even on unsecured public Wi-Fi networks.
- Don’t use a public Wi-Fi network to do online banking, make purchases, check email or use social media.
- Don't go to sites where you have to enter a user name and password.
- Don't allow your device to automatically connect to any available Wi-Fi network. Check the network settings to make sure that function is turned off.
- Don’t trust that your mobile apps will be secure on a public network. The Federal Trade Commission (FTC) cautions that many apps don’t encrypt information properly. It's better to use them on your mobile provider’s data network.
- Don’t use the same password for all of your accounts and websites. That makes it easy for a crook who steals one password to gain access to other accounts.
- Don’t stay permanently signed in to your online accounts. Log out once you’re finished doing what you need to do.
Updated November 25, 2020
About the Fraud Watch Network
Whether you have been personally affected by scams or fraud or are interested in learning more, the AARP Fraud Watch Network advocates on your behalf and equips you with the knowledge you need to feel more informed and confidently spot and avoid scams.
More From the Fraud Resource Center