Beware Phony Wi-Fi Hotspots revised 4/28/07

Wi-Fi hotspots are areas set up in coffee shops, airports and other commercial areas, which enable wireless laptop users to connect to the internet, usually for a fee payable to the owner of the hotspot or the network provider with whom they are associated. In most cases, to use such a hotspot the user must enter either a credit card number or the login and password assigned to them by the network provider.

Hackers and other lowlifes have started to recognize these hotspots as a way to practice their theft. Typically, they will set up their own "look alike" wireless hotspot in the same area as an existing legitimate one. If you connect to the hacker's hotspot and enter your credit card number or network login and password, you've opened yourself up to financial loss and identity theft. A variation on this theme has the hacker provide you with "free" access to the hotspot, in the hope that you may then go to a banking or e-mail web site, where you will enter account numbers, logins or passwords, all of which can be captured by the hacker. In either case, the hacker may also be able to read sensitive files on your laptop or introduce a virus or other harmful program, unless your machine is well secured.

To protect yourself you need to stay vigilant. Learn what the legitimate hotspots you use look like, since hackers cannot usually make a perfect copy. If even a tiny detail looks out of place, disconnect immediately and inform the owner of the legitimate hotspot. Also pay close attention to the exact spelling of the hotspot's SSID (the name displayed in the list of available networks). Make sure you have a good antivirus program installed, and keep it up to date. Install and activate a software firewall (go to the Links page for information on free firewall software, or use the one included in Windows XP Service Pack 2 or later). And NEVER enter a user name, password, account number, credit card number, date of birth, mother's maiden name or other sensitive information on a web site unless the page is secure; secure pages always have addresses that begin with https:// rather than the usual http://; also, most browsers show a small image of a padlock with a closed shackle when a secure page is being displayed, and either no padlock or an open shackle otherwise.