Monday, 14 August 2017
Why your money and public Wi-Fi shouldn’t mix
By Tom Hartmann, sorted.org.nz
At first, it seems like a good way to save money: instead of draining our mobile data plan, simply jump online using the public Wi-Fi at the café, airport, library or school. They’re all around, and incredibly convenient. No worries, right?
Unfortunately public Wi-Fi can be just the opposite – a way to lose money. Our personal details, files or even our entire identity are out in the open. It can be a free-for-all out there.Even if we’re using an encrypted bank app on our phone, the fact that it has to go through public Wi-Fi to do our banking makes it insecure. It’s far too easy for a middleman to hop between us and our bank, sniff around and steal our information and our money. Not only that, but since these days many things online are not what they seem, even the hotspot itself can be faked. So you might be signing on to a network that looks legit, but it’s rigged to go through someone else’s computer and suck down the details of what everyone is up to.
I caught up with Sean Lyons, director of outreach at Netsafe, walking through an airport, where looking around him, he saw a “cacophony” of Wi-Fi hotspots, mobile personal hotspots and laptops. Were some fake? “It’s not hard to do that,” he explained. “It’s not something that people do a lot of, but it’s absolutely possible. We need to be on our guard and connect to Wi-Fi points that we absolutely trust. ”Of course, how we are using the internet is also a factor. “Vacuous tweets are one thing, sensitive data is another,” he said, and recommended encrypted connections and virtual private networks (VPNs). “What you’re sending out is effectively gobbledygook to anyone trying to snoop in. ”There are places", he explained, "where the internet connection is so wide open that you should avoid it. Hotel lobbies are the worst places,” he said. And while there are measures you can take, “nothing’s foolproof”.
Here’s a list of ways to get online, from least secure to most:
- Fake public hotspot (not secure, a scam)
- Public Wi-Fi (less secure)
- Unencrypted Wi-Fi, even at home, with no password (less secure)
- Wi-Fi hotspot, password protected (a bit better)
- Your home Wi-Fi, WPA2 protected (most secure)
- Mobile network (most secure)
The short of it is, anything money related – banking or shopping – should never be done over a public Wi-Fi network. There’s just no telling who else is on there, and whether they’re logging everything we’re doing while we’re on.
Best bet is to go directly through your mobile provider over their secure network. Back to the data plan, it seems.
Top tips if you have to use public Wi-Fi
If you or anyone you know (your teens, for instance) find that you still need to use public Wi-Fi, here are some top tips:
- Choose one that’s password-protected. You may need to buy a coffee at the café to get the password, but that will be worth it. (Hopefully the coffee’s good too.)
- Pay close attention to the network you’re joining. Is it the right one? Or is it bogus?
- Avoid logging in to any of your accounts that stores personal information. This can be a long list: retail websites, health providers, banks or other financial institutions, email and of course social media.
- Make sure website addresses start with “https”. The “s” stands for “secure” and data is encrypted.
- Use a VPN. A “virtual private network” is like setting up a protective tunnel that you surf through while on public Wi-Fi. Here’s more on how to do this.
- Make sure your Wi-Fi is turned off afterwards. Your device may still be connected and transmitting even if it’s away in your pocket.
These days, as long as I’m not out of data, I log on through my mobile network. “Tethering” like this gives me some peace of mind that I can trust the network I’m on.
But that’s not always possible, so it’s good to know how to stay safe in the wild world of public Wi-Fi, where we should never let our details, or our money, out in the open.