Is Public or Unsecured Wi-Fi Safe To Use?
When Alec Daniels sat down at his local coffee shop, no one would have taken the 86-year-old for a hacker. But within less than 17 minutes, Alec had taken over the cafe’s public Wi-Fi hotspot and distributed phishing emails to everyone connected to the network [*].
The good news, is that Alec is an ethical hacker (a hobbyist who hacks to highlight cybersecurity vulnerabilities). The bad news? Not every hacker is here to help.
Whether you’re logging on to check your bank statements or working remotely from a cafe, hotel, or airport, using public Wi-Fi poses security risks that few people take seriously. According to a 2022 survey [*]:
Close to 50% of Americans regularly use Wi-Fi hotspots to carry out financial transactions, while 18% use public Wi-Fi to work remotely.
Without proper precautions, hackers can take advantage of public Wi-Fi’s lax security to spy on you, steal your personal information and passwords, or even take over your online accounts.
In this guide, we’ll explain how cybercriminals hack Wi-Fi networks, the true dangers of public Wi-Fi, and what you can do to keep your devices and personal information safe and secure.
Can You Get Hacked Using Public Wi-Fi?
The short answer is yes, you can get hacked using public Wi-Fi.
Cybercriminals use a combination of technical know-how and free tools to sneak into unsecured networks and steal sensitive information. This could include passwords, banking information, or personal data that can be used for identity theft.
Here’s how public Wi-Fi networks get hacked:
- “Evil twin” attack. Hackers set up malicious hotspots with seemingly trustworthy names (e.g. “Cafe free Wi-Fi”). When you connect, they can easily intercept your data.
- Man-in-the-middle attack (MitM). Bad actors break into a network and eavesdrop on data as it travels between connected devices and the Wi-Fi router. For example, as you enter your password into your online bank account.
- Password cracking attack. Scammers use software that automatically tries a huge volume of usernames and passwords to unlock a router’s management interface.
- Packet sniffing attack. Malicious hackers capture data units sent across unsecured Wi-Fi. Then, they unpack the data to extract individual login credentials or financial information.
- Security vulnerabilities and/or misconfigurations. Sometimes default router settings allow cybercriminals to log in as an administrator, or plant malicious software on compromised devices.
10 Dangers of Public Wi-Fi Networks (and How To Avoid Them)
- Identity theft via online victim profiling
- Infecting your device with malware
- Stealing your passwords
- Snooping for confidential data
- Business Email Compromise
- Ransomware attacks
- Session hijacking
- Taking over your online accounts
- Targeting you with phishing attacks
- Gaining remote control of your device
Most people believe using public Wi-Fi is safe by default. But in reality, many networks use cheap routers and access points which lack essential security measures.
These 10 hidden dangers and unsecured Wi-Fi risks show how finding a secure connection is the exception — not the norm.
1. Identity theft through online victim profiling
One of the greatest risks of using public Wi-Fi is having your identity stolen. If you’re not using a virtual private network (VPN) to hide your information, hackers could easily discover enough information about you to create targeted cyberattacks and phishing emails, search for your passwords on the Dark Web, or break into your online accounts.
At a minimum, hackers can snoop you over public Wi-Fi and discover:
- Location data about where you’ve been recently.
- Personal information such as your interests, job, and marital status.
- Detailed financial information about your bank and credit accounts.
How to keep your data safe on public Wi-Fi:
Strong encryption is the best way to avoid exposing personal data over public Wi-Fi. To stay safe, use a virtual private network (VPN) when connecting to any Wi-Fi hotspot — including your own.
2. Infecting your device with malware
Using a public hotspot without protection makes it easy for attackers to sneak malicious software (malware) into your device.
Scammers can inject an infected ad into a seemingly safe website, trick you into filling out a phishing form, or even fool you into installing a fake app that records everything you type.
How to protect your devices against malware:
Anti-malware and a VPN service are essential security layers that provide protection for your entire digital life. These tools work 24/7 to keep your device and data safe as you move from one Wi-Fi network to another.
3. Stealing your passwords
Some hackers use specialized tools that search for passwords you’ve saved in your browser or typed into websites, apps, or emails while using public Wi-Fi.
Leaking your passwords is one of the most damaging public Wi-Fi risks because it gives malicious hackers direct access to your accounts. The fallout is even worse with business login data. For example, tech giant Cisco got hacked when an employee’s personal Google account login credentials were compromised [*].
How to protect your passwords:
A VPN will help hide your passwords from snooping scammers. However, it’s also a good idea to securely store all of your credentials in a password manager. A password manager automatically fills in your login data into websites, hiding it from eavesdropping hackers.
4. Snooping for confidential data
Public Wi-Fi networks are notoriously vulnerable to surveillance by bad actors looking for sensitive documents such as confidential contracts, invoices, and two-factor authentication (2FA) codes.
Your personal finances and job security could also be at risk if you use public Wi-Fi. An online session over public Wi-Fi can lead to an NDA (non-disclosure agreement) breach or to endangering your colleagues’ work.
How to keep your sensitive documents safe:
Whether you’re an employee or a business owner, it’s extremely important to be aware of security risks associated with using public Wi-Fi. A strong cybersecurity suite that protects you and your employees is essential. So is avoiding sending, receiving, and talking about confidential information over open hotspots.
5. Taking over your business accounts (Business Email Compromise)
In Business Email Compromise (BEC) scams, fraudsters target your work email and send fake messages pretending to be someone you know. They may ask you to change payment information or send wire transfers to fake “clients.”
BEC scams can target anyone – from small local businesses to large corporations. In 2021, they caused $6.9 billion in losses [*].
How to protect yourself:
Scammers will spend significant time and money to try and trick you. It’s essential that you learn how to tell if an email is from a scammer.
Digital security education helps you become more cautious. It also trains you to develop safer reflexes, such as double-checking transactions. And, if the worst happens, having financial fraud and credit protection with included identity theft insurance can be life-saving.
6. Ransomware attacks that disrupt lives and businesses
Cyberattacks against open Wi-Fi networks also seek entry points into data storage platforms. Once bad actors have access to your sensitive data, they can blackmail you for its release.
Ransomware attacks grew 80% in 2022, putting businesses and individuals at heightened risk [*].
How to protect yourself:
First off, don’t log into sensitive file-sharing services over public Wi-Fi. But if you must, make sure you’re using tools like a VPN to encrypt your data. Finally, always keep a backup of your most important data somewhere safe, ideally disconnected from the internet.
7. Using session hijacking to break into your accounts
Through session hijacking, malicious hackers take over the connection between your device and the website or app that you’re using. This gives them the same rights that you have as a legitimate, logged-in user. For example, they could break into an online store and use your stored credit card information.
Cybercriminals covet the free rein this type of attack gives them. It allows them to take over your accounts or bypass website security measures without needing a password.
How to avoid session hijacking when on public Wi-Fi:
For safe online shopping, never store your credit card details in your online account, no matter how convenient it seems. And for added security, choose an always-on, all-in-one protection plan that combines device and online security with identity and financial fraud protection.
8. Taking over your online accounts (email, social media, etc.)
Account takeovers happen when bad actors gain unauthorized access to your accounts and take full control of them. This could include your email, bank, or even social media accounts.
Since financial institutions hardened their authentication measures, cybercriminals have been focusing on account takeover tactics that get around these measures, such as tricking you into providing 2FA codes.
How to protect yourself against account takeover fraud on public Wi-Fi:
At a minimum, always use a VPN to encrypt your data whenever you need to log into sensitive accounts (banking, online shopping, email, etc.). It’s even better to keep your VPN on at all times, so you don’t have to worry about using these high-value services.
It also helps to know if your personal data — including passwords and your Social Security number (SSN) — has been leaked in data breaches. This helps you know which of your accounts is at risk and offers you the chance to react promptly.
📚 Related: How To Know If a Website Is Safe →
9. Targeting you with phishing attacks
Phishing is a form of social engineering attack that uses deceptive messages to get victims to release sensitive information. This can include passwords, authentication codes, documents, and more.
How to avoid phishing attacks over public Wi-Fi:
In 2021, U.S. consumers and businesses lost over $54 million to phishing [*]. So it’s wise to add even more layers to your cybersecurity ecosystem in order to reduce the risk of aggressive phishing attacks.
The Federal Trade Commission (FTC) recommends that you [*]:
- Use a robust security solution like Aura that includes a VPN and antivirus protection.
- Keep your software up to date.
- Turn on multi-factor authentication (MFA), which confirms your identity via face ID, fingerprint, or one-time codes.
📚 Related: How To Prevent Phishing Attacks (17 Easy Tips) →
10. Gaining remote control of your device
In the worst case scenario, hackers may even be able to infect your device with malware that gives them remote access — or control — of it. This malware is often hidden inside infected ads on websites that hackers control.
How to protect your devices from remote access malware when on public Wi-Fi:
Multi-layered digital security is the most effective approach to keeping all your devices safe — no matter what you use them for.
An ideal digital security suite must include five essential components:
- Device security
- Data protection
- Personal information monitoring
- Expert support for guidance
- Identity theft insurance
Aura combines all of these security layers into one single, easy-to-use platform.
How to Stay Safe On Public Wi-Fi
If you want to stay completely secure, the best thing you can do is to not use public Wi-Fi connections. But, if you need to log-on or do work while on the go, there are a few ways you can boost your personal public Wi-Fi security.
Here’s what to do before, during, and after using public Wi-Fi to ensure your data and accounts stay safe:
Before connecting to public Wi-Fi:
- Turn on your VPN.
- Clear your browsing history and cache.
- Check that your antivirus is up and running.
- Turn off bluetooth discoverability settings to avoid others forcing your device to connect to theirs.
- Make sure you’ve turned on two-factor or multi-factor authentication (2FA or MFA) for your most important accounts.
- Disable auto-connect to avoid having your device forcibly linked to Wi-Fi networks.
While using public hotspots:
- Only connect to networks offered by entities you can tie to a physical location.
- Log out of any account that you don’t need to use while online.
- Close and/or quit applications that you don’t plan on using.
- Store all your passwords in a password manager and use it to autofill your login data.
- Avoid filling in sensitive information (passwords, credit card details, SSN, home address, etc.) while connected to public networks.
- Keep your list of saved Wi-Fi networks limited to only those you truly trust.
After disconnecting from a public network:
- Scan your devices for malware with antivirus software.
- Restart your device — This can help break the connection between it and a potential attacker.
- Purge networks you don’t need from your preferred network list.
- And, if you have the option, use your mobile hotspot instead of public Wi-Fi.
Can You Tell If An Unsecured Wi-Fi Network Is “Safe”?
Almost half of surveyed U.S. internet users trust public hotspots to keep their information safe. Yet most owners of establishments that offer free Wi-Fi aren’t more technically skilled than the majority of home users.
Your home network wasn’t set up by a cybersecurity specialist, and your favorite cafe’s Wi-Fi network wasn’t either. If you can’t tell if your home Wi-Fi was hacked, neither can they.
Unless you are connected to a professionally designed and secure network, assume all hotspots are unsafe.
In spite of this harsh reality, there are instances when you will need to use public networks, especially for remote work or emergencies.
Here are 10 ways to check if a Wi-Fi network is safe to use:
- You’ve confirmed with the establishment’s owners that the name of the network you want to use is the one that they set.
- You have to enter an annoyingly complex password to use it.
- Your VPN is turned on and working.
- Your antivirus software is up to date and running in the background.
- Your antivirus has traffic and content filtering capabilities.
- Your operating system, browsers, and other apps are up to date.
- You’ve quit any unnecessary programs, tabs, and applications.
- You’ve logged out of accounts you don’t need.
- You’re using a password manager to automatically fill in your credentials and multi-factor authentication (MFA) for accounts that support this feature.
- You have an ad blocker that works across browsers and apps.
💡 Related: 12 Reasons Why You Should Be Using a VPN →
Does “HTTPS” mean a website is safe to use?
A common misconception is that the “HTTPS” part of a web address automatically marks it as safe to use. This is no longer true — 82% of phishing websites [*] use encryption certificates to make them appear more convincing.
Instead, click on the padlock symbol near the URL to ensure that the site you’re visiting is using a secure connection, and that the security certificate is issued to the company you expect. (For example, any site that claims to be from Apple should have a certificate issued to Apple Inc.)
Remember, cybercriminals are quick to pivot to tactics that people trust. This makes it incredibly difficult to notice the deception without automated tools such as antivirus software.
The Bottom Line: Stay Safe Online, in Public, and at Home
Online security doesn’t have to be a constant trade-off between safety and convenience.
Despite Wi-Fi hacking and malware threats, using public hotspots is still an option, under one condition: that you have all-in-one protection that takes care of all the devices and data in your digital ecosystem.
For protection against scammers, hackers, and Wi-Fi snoopers, consider signing up for Aura.