The scam took place 2 weeks ago when connecting to a paid wireless internet at the airport. We all have enjoyed the benefits of wireless internet at one point or another and its freedom to work anywhere, any place, and at anytime. This very freedom of wireless internet has become the launch pad for a scam called phishing.
The story we are about to tell may sound far fetched, but let me be clear the threat is real. By being educated you can safely surf the internet using wireless connections without fear of falling victim to this scam.
In airports, stores or coffee shops wireless internet has become main stream for allowing people to gain access to the internet. Major brand name company’s we all are familiar with are battling over this market and the paying customers. This creates the perfect playground for con artists and in enters the bad guys (phishers) who can quickly setup shop to get your personal information quickly and easily. Let me explain.
Anyone can mimic an Airport Wifi website by doing a File > Save As of the company web page, change a few pieces of html code and presto … the phisher has built a fake site (the bait) that looks like the real site.
The next step is for the phishers to go “phishing”, they use a $100 Linksys Wireless Router purchased at any technology store or another option is configure their laptop, both which aim to look like a hotspot (the bait) to broadcast a signal (cast a line) for users to connect to the fake “hot spot” (the bait). The hotspot may say “[Airport Name Here] West Terminal Wireless Internet Access” or “[Airport Name Here] East Terminal Internet Access” and people go to the “hot spot” because guess what, the signal is stronger than the valid wireless offered by the real company (the bait looks really good to the customer).
So now that the bait is in on the hook and their line is cast, the scam begins. When you (the customer) connect to the wireless access point (the bait), it requests your information for a 1 day paid subscription for access. The web page looks just like the real company site “Internet Access” for the airport or another hosting company. We won’t use a specific name of a provider but you get the point.
To gain access for a small fee you enter your credit card information just like you would order products online and add other personal information requested to complete the transaction. What you don’t realize is that part of the trick is that the page you enter the information on isn’t really validating your credit card information. As we stated earlier, it is fake and it is only capturing information as you type; which allows the identity thieves to use as they please to make purchases of their choice.
You hit submit on the page to complete your transaction. The page pretends to process your information and then grants you access to the internet. Sometimes the fake page may even pretend to validate your information by using built in error handling on the text boxes, asking you to validate that your information is correct, just like on the real sites. This is another trick to have you validate your information twice. So now you have just tugged on the phishing line twice by validating your information and they know they have a real catch on the line.
Now the scam is completed, they have your information and presto the fake page redirects you to an “Access Granted Page” and you begin to surf the internet. In summary, you think you have gained access to a valid wireless hotspot except you have really only been fooled into signing up for a fake site while a thief coerces you into gaining your personal information.
This scam is a growing concern for many “paid” wireless hot spots, because the ability to fool customers is pretty easy. More and more locations are offering FREE wireless to prevent customers from being scammed and as businesses do this the threat will lesson.
We are happy to announce through investigative work with their bank, who trends spending habits of its customers, anomalies are flagged in the financial records and customers are notified quickly. Today this customer is 100% free from responsibility of the damages and free from implications that if not caught earlier could have destroyed credit scores and the ability to absorb the damages.
So how can you prevent this?
Our friends at www.computerworld.com recommended the following tips -
1. When accessing your accounts at hot spots, enter passwords only into Web sites that include a Secure Sockets Layer key (SSL) at the bottom right of the Web browser. This will look like a yellow lock and creates an encrypted session between your computer and the real hot spot. This prevents people near by from “sniffing” your data through the air in the radio signals. In computer terms this would be like you sitting in a crowded room and yelling out your personal information without it being encrypted. Not good.
2. Avoid hot spots where it's difficult to tell who is connected, such as at hotels and airport clubs. Hot spots should only be used for Web surfing and not for making online purchases or any other transactions where account numbers or passwords are needed.
3. Turn off or remove their wireless cards from their computers when they aren't accessing a hot spot to prevent others from accessing their machines.
4. Don’t use unsecured applications such as e-mail or instant messaging while at hot spots.
5. Personal firewall and security software should also be continuously updated with patches.
For more tips, tricks and help contact our team at CustomerCare@webgio.com.
