Bay Area IT Support & IT Services

The Intivix Blog

Business IT Articles, News and Tips

Agony! My Phone Got Hacked at a Football Game!

My family loves our local football team. We’ve been die-hard fans since we were children.  And as season ticket holders, we rarely miss any home games.  However, the last game was a nightmare for me.  Not because my team played poorly, but because my phone was hacked.

I used the public Wi-Fi at the stadium to purchase a tee shirt for my granddaughter.  Of course, I had to key in my credit card number like I always do. But, because I was using public Wi-Fi, my card number was revealed and stolen.  I didn’t find out until my statement came through with charges for items I never purchased.  Luckily, I was able to file a claim with VISA, so I didn’t have to pay for the false charges. They canceled my card and issued me a new one.  However, now I wonder what else the hacker found.

I learned my lesson.  I’ll never use public Wi-Fi for shopping or anything else that could jeopardize my privacy. I also did some research about using public Wi-Fi.  This is what I learned.

Public Wi-Fi

When using public Wi-Fi, you should only send information to websites that are fully encrypted. Most Public Wi-Fi hotspots don’t encrypt the information you send over the Internet and aren’t secure. A secure wireless network encrypts all of the data you send over that network.  Public Wi-Fi doesn’t.  Encryption keeps your personal information secure when you’re online. It scrambles the data you send over the Internet into a code so others can’t view it. Don’t send confidential information over public Wi-Fi unless the website you’re visiting has encryption. An encrypted website protects the information you send to and from that site.

Unsecure Public Wi-Fi

Whenever you send an email, share photos and videos, or use social networks over unsecured public Wi-Fi your information can be exposed.  Wow, I didn’t know this, did you?  I upload photos to Facebook all the time using public Wi-Fi. And emails too!  I’ll be very careful now to only do this over a secure Wi-Fi network.

Encrypted Websites

When you see https at the beginning of the we b address, this lets you know that it is encrypted. Sites with HTTP aren’t encrypted.  Most banking sites use encryption to protect your information as it travels from your computer to their server. However, it’s important to know that some websites only use encryption on the sign-in page and not the rest of their web pages. Providing your confidential information on a page that is not encrypted, will allow your account to be hacked. So, make sure every webpage has https at the start of the web address.

Mobile Apps

Mobile apps don’t have an indicator like https, so you know that a website is secure. Another “Wow.” I never thought of this when accessing websites from my smartphone. I check for https when using my computer, but not when using my phone. Many mobile apps don’t encrypt information properly, so you shouldn’t use your mobile apps on unsecured Wi-Fi. If you want to use a mobile app to send confidential information, make sure you use a secure wireless network. You can also use your phone provider’s 3G or 4G data network.

Unsecured Network

If you use an unsecured network to log in to an unencrypted site other people using the same network can see what you’re entering.  They can even “hijack” your session and log in as you! Evidently, the hackers have access to free tools to do this.  They don’t need to be “computer geeks” to do this. They use these free tools to steal login credentials, personal information and even documents you send via email or messaging. Even worse, the hacker can use your accounts to scam other people on your contact lists. What a nightmare! I’ve emailed everyone I know to warn them that this might happen.

Two-Factor Authentication

Remember to use two-factor authentication. This requires two pieces of information (a private password and code) before you can log in to your account.  The best websites and services support two-factor authentication. This way, even if a hacker gets your password due to a security gap in public Wi-Fi, they still won’t be able to log into your account.

Wi-Fi Name Legitimatewi-fi

Make sure the public Wi-Fi name is legitimate. Hackers set up fake ones to trick you into signing onto their fraudulent site. The name will look similar to the real one. So, scrutinize the name and make sure you’re not signing onto a malicious network.  If you do, your device is literally in the hands of the hacker. When I’m in a coffee shop or doctor’s office, I always double check with an employee to make sure I’m signing onto the right network.

How to Protect Your Information Using Public Wi-Fi

The US Government’s Federal Trade Commission has some great info on how to protect your information when using public Wi-Fi.  Here’s what they say you should know:

  • Using a hotspot to login or send personal information, use only fully encrypted websites.  To be secure from the time you login to the site until you log out your entire visit to each site is encrypted. Log out right away if you find yourself on an unencrypted page.
  • Don’t stay permanently signed into accounts. When you’ve finished using an account, log out.
  • Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
  • Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings and keep your browser and security software up-to-date.
  • Consider changing the settings on your mobile device so it doesn’t automatically connect to nearby Wi-Fi. That way, you have more control over when and how your device uses public Wi-Fi.
  • If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees. What’s more, VPN options are available for mobile devices; they can encrypt information you send through mobile apps.
  • Some Wi-Fi networks use encryption: WEP and WPA are common, but they might not protect you against all hacking programs. WPA2 is the strongest.
  • Installing browser add-ons or plug-ins can help. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons, this will force the browser to use encryption on popular websites that usually are not encrypted. They don’t protect you on all websites — look for https in the URL to know a site is secure.

I learned my lesson about using public Wi-Fi the hard way. I hope this information helps to keep you safe when online. The time to make the move is now!  Contact the Intivix expert team now at (628) 867-6130 or [email protected].  Intivix is your San Francisco based IT team ready to meet your needs.  Stay in the know, Follow us on LinkedIn, Twitter, Facebook, and Instagram for more tips and tricks.