Are Public Wi-fi Networks Safe?

A public WiFi network is any network open for public use - networks like those at coffee shops, airports, hotels, malls, etc. 

There is no guarantee that a WiFi network is secure, but using public WiFi is safer than ever. This is not because the networks themselves are more secure, but rather the websites you are accessing have become more secure. In the past, if you used a public WiFi network to access the internet, information you sent over that network was vulnerable. Website encryption gives you added protection. Most websites, especially those that process sensitive data, now scramble the data (encrypt) as it moves between your computer and the website.  This protects the data from hackers who may be snooping on the network.

How do you know your connection is encrypted? Look for a lock symbol or https in the address bar to the left of the website address. It can be a bit more difficult to tell if a site is using encryption on your phone or in a mobile app uses encryption. But if the site is encrypted on your computer, their mobile sites likely is too.

Below are some good habits for using public WiFi. 

• Avoid fake networks. Confirm with the establishment exactly which network is theirs. When joining, make sure the network name is identical to the information they gave you. 
• Watch for that lock or ‘https’. It’s generally a good idea to just avoid entering any personal data into a website over free WiFi, but if you must, always look for that encryption lock or ‘https’ in the website address. 
•  Use a VPN. If you are working from a public WiFi network, connect to your employer's VPN (Virtual Private Network) if available. This will ensure all information you send is encrypted. There are also a number of free or paid VPNs that you can download for personal use. We don’t have any specific recommendations, but you can find a helpful article on techradar.  

The City of Bothell offers free guest WiFi at City Hall for visitors. 

Cybercriminals are using USB charging stations (like those in airports and hotels) to hack into phones while charging.

The scammers place an additional USB device over the real one. If you plug in, your device will charge, but malware is installed or data on your device stolen. This is called ‘juice jacking’.

Here are four ways to avoid getting juice jacked.

• Carry a portable battery charger of your own.
• Use a USB device called a data blocker that connects to your phone's charging cable.
• Use the wall plug-in socket to charge your phone.
• Completely power off your device before plugging it into a cell phone charging kiosk.

Learn More:

• FCC:  statement
• News Article: Need to charge your phone? Think twice

Smart camera systems like Ring are growing in popularity for home safety. Ring is the most popular video doorbell in the United States, accounting for 40% of doorbells in use, according to Business Wire.  

Cybercriminals have leveraged this growing popularity to exploit Ring in email phishing scams. Phishing is a type of online scam where criminals impersonate legitimate organizations via email, text message, advertisement or other means in order to steal sensitive information. This is usually done by including a link that looks like it is taking you to a company’s legitimate website, but is a fraudulent website. Any information that you type into the fraudulent website, which is often a login and password, gets sent directly to the scammer. Cybercriminals will also use email attachments and when you  click on the attachment, malicious software is downloaded to your device or computer.  

Information provided by Knowbe4.com indicates that the cybercriminals send phishing emails posing as Ring to try and steal customers’ sensitive data.   Ring was not hacked nor did anything to prompt this scam. Any service could be exploited in this way. 

They start this attack by sending you a phishing email with an HTML file (website link) attached. Notice the grammatical errors, which are common in scam emails.

The email looks like it’s from Ring, but is not. It instructs you to open the file to update your Ring membership. 

If you click this file, you’ll be redirected to a malicious website that spoofs Ring’s login page. 

This website prompts you to enter sensitive information, such as your credit card number and social security number. 

If you enter your information, you’ll be redirected to Ring’s legitimate website, making the email look more real. 

Follow the tips below to stay safe from similar scams: 

• Never click a link or download an attachment in an email that you aren’t expecting.  
• If you receive an email claiming that you need to make changes in your account, always log in to the organization’s website directly. 
• Remember that this type of attack isn’t exclusive to Ring. Cybercriminals could use this technique to impersonate any type of service.  

In addition to following the tips above, it's good to make sure that your smart cameras are updated to the latest software and properly secured. Get tips from the Federal Trade Commission on securing your home security smart cameras.