In a five-star hotel, a man connected his phone to a scam WiFi whose name was similar to the hotel’s, then he found out his bank account, social network account and other personal information were all stolen.
This actually happened in a test run by cyber security experts at a five-star hotel of Cancun, Mexico.
The “scam WiFi” in the test, is known as a “phishing WiFi”, whose names are similar to the official ones, and are commonly located in public places including airports, tourist spots, shopping centers and transportation stations, and most commonly at hotels. Once connected to a phishing WiFi, the hackers can monitor all of your online activity and steal your accounts or passwords.
Here are two “phishing WiFi” cases recently reported in China.
It happened to Mr. Huang from Guangdong last year. When Mr. Huang tried to access the WiFi of a hotel located in Guangdong during his stay, there were two similar WiFi hotspots available, and one of them required a password. He connected his phone and laptop to the stronger one which didn’t need a password.
Later in the night he was awakened by SMS saying someone had logged on his Alipay and transferred away hundreds Yuan from his bank account. After confirming with the hotel, he realized it was a phishing WiFi that he had connected to.
Another report was from a netizen named Cheng Yufei, who had bought takeaway food when staying at a hotel, through a free WiFi hotspot and later found that his money in his TenPay account was all stolen by two transfers.
Although the risk is still there, phishing WiFi attacks have declined due to growing safety awareness. According to the 2017 Chinese public WiFi security report, most scam WiFi hotspots are low-risk, and don’t cause obvious harm to users. The ratio of moderate-risk hot spots is 0.0019% and for high-risk is 0.0091%.
However, the possibility of being having your information stolen still exists. An anonymous cyber security expert explains that most of the high-risk WiFi hotspots link the users to phishing sites, or tamper with SSL, to steal highly sensitive personal and banking information. Data has shown that the loss caused by phishing WiFi is around 5 billion Yuan in 2015.
Most “phishing” cases result in immediate economic losses, and it is difficult to catch the criminals due to the obscure nature of such attacks. The crime is done remotely, so there are many technological barriers to getting evidence. In addition, there is difficulty in pursuing legal responsibility, due to the multiple parties involved.
So how can you avoid fake WiFi hotspots, and not lose any money?
1. Ensure with the staff at the hotel, or cafe that the available WiFi hotspot is official.
Due to hackers building these “Phishing WiFi” hotspots in popular areas such as hotels or cafes, it is important to check with the staff to ensure the Hotspot is safe. Additionally, don’t connect to random “unmanned” hotspots in vast public areas such as Malls or Parks, unless you can confirm the authenticity.
2. Avoid using public free WiFi to do online shopping or banking.
A big tip is to not use Public WiFi for anything sensitive, this includes banking and online shopping. This is especially important in airports, hotels, shopping malls and other vast areas. Use your mobile data instead.
3. Change your passwords regularly
Frequently change your passwords for your banking, shopping and payment accounts. Try not to use the same password for every website.
4. Switch Off WiFi
After connecting to a WiFi hotspot, your phone will automatically connect to it by default when you are within the area. To prevent this, you can turn the feature off within your WiFi settings. However, sometimes it is easier to simply turn off your WiFi.
5. Contact your bank or the police!
Lastly and most importantly, if you believe your personal information or money has been stolen, contact your bank and other services such as the police