wifi symbol
Scam Prevention
Canadian Bankers Association

WiFi hotspot scam

Summary Points

Article

Whether you’re on a vacation at a resort, waiting in the airport or sitting in a coffee shop, it’s often possible to connect to the Internet through a wireless network provided by the property owner. Sometimes these will be offered for a small fee and sometimes they will be free. But be careful: sometimes free “WiFi” can be a scam perpetrated by criminals hoping to steal your personal information.

How it works

In general, this is how the WiFi Hotspot scam works:

  • Users will browse their network connections to find a wireless network in the area
  • You find a network that calls itself “Free WiFi”, or something similar, and decide to connect
  • This “Free WiFi” network is not really a hotspot, but a computer-to-computer network that might have been set up as a trap
  • While you can use the Internet as normal, the attackers have set up their computer to let you browse the Internet through their computer’s connection – as a result, they can see everything you do online

This trick is especially problematic if you’re visiting websites that require you to enter financial information, like a credit card number, bank account number or passwords. Since the attackers can see everything you’re doing online, they now may have access to your sensitive financial information.

Also, if you’ve set up your laptop to allow file sharing, the attackers can access personal files and data on your laptop, and possibly install spyware on your computer.

Beware of evil-twin hot spots

Sometimes criminals will set up a real hot spot near a café that provides WiFi for customers with the sole purpose of stealing personal information. Ask the business’ staff if there is a hot spot available and get the name from them. Only connect to that network, and if you see two hot spots with the same name, don't connect to either. One might be a so-called "evil twin" set up to trick you into connecting to the phony hot spot.

Protect yourself

The easiest way to protect yourself from WiFi fraud is to be cautious when using free public WiFi. If you’re in a coffee shop, airport or hotel that has a legitimate WiFi connection for a small fee, it’s worth the price for peace of mind. If you choose to take advantage of free WiFi availability, here are some things to keep in mind.

  • Never connect to a “computer-to-computer” network. When choosing a wireless network, check out the description of each one. A normal wireless network is simply called “wireless network” not a “computer-to-computer” network.
  • If you have Windows XP, make sure that XP never connects to an ad hoc network by doing the following:
    • Click the wireless icon in the System Tray.
    • Click Change advanced settings.
    • Select the Wireless Networks tab.
    • Click Advanced.
    • Select Access point (infrastructure) networks only.
    • Click Close, and keep clicking OK until the dialog boxes disappear.
  • Use HTTPS to access webmail and avoid protocols that don’t include encryption.
  • Turn off your computer’s file sharing capabilities when using free WiFi Internet in a public area The instructions will vary slightly depending on what computer system you’re using (Windows 2000, Windows XP, etc.), but in general this is how to turn off file sharing.
    • Click on the Start button and then select Settings > Control Panel
    • Click on the Network Connections icon
    • Right-click Local Area Connection and select Properties
    • Select File and Printer Sharing for Microsoft Networks
    • Click the Uninstall button
    • Click Yes in the window that appears
    • Click Close
    • Restart your computer
  • Use a software firewall to further control who can connect to your computer and how.
  • Avoid conducting financial transactions or accessing online banking websites if you aren’t using an Internet connection that you know and trust.

Related Articles