What the Tech: Man in the middle

WBBJ 7 Eyewitness News Staff,

Free Wi-Fi can feel like a lifesaver when you’re traveling or just hanging out at a coffee shop. But before you tap “connect,” there’s a scam you should know about. Cybercriminals have been using it for years, and it still works today.

How the Scam Works

The trick is simple: a scammer sets up a Wi-Fi hotspot with a name that looks legitimate. If you’re at a coffee shop called Jamey’s Java, for example, they could rename their phone’s hotspot to “Jamey’s Java Free WiFi.” Unsuspecting customers see it, assume it’s safe, and connect.

Once connected, all of their internet traffic flows through the scammer’s device. From there, cyber crooks with the right tools can see where people are going online. More dangerously, they can redirect victims to fake websites designed to look like real shopping or banking sites. Type in your username and password, and the attacker has it.

Isn’t My Data Encrypted?

Yes — most banks, shopping websites, and apps use encryption (you’ll see the padlock icon or “https” in the web address). That makes it nearly impossible for hackers to simply “read” your password in transit.

But here’s the catch: encryption doesn’t protect you if you’ve been tricked into logging in on a fake site. If the attacker controls the hotspot, they can reroute you to a look-alike page. Once you type in your information, it’s game over.

Even with protections in place, research shows that man-in-the-middle attacks, the technical term for this scam, still account for approximately 20 percent of all cyberattacks worldwide and result in an estimated $2 billion in losses annually.

How to Stay Safe on Public Wi-Fi

  • Verify the network name. Ask a barista, hotel clerk, or airport staff to confirm the official Wi-Fi network. Don’t just assume the name you see is safe.
  • Avoid sensitive logins. Save online shopping, banking, or anything involving money for when you’re on your home Wi-Fi or using cellular data.
  • Watch for unusual prompts. If a Wi-Fi network suddenly asks you to log into Facebook, Google, or email before you can get online, it could be fake.
  • Consider a VPN. A virtual private network scrambles your traffic so even if you connect to the wrong hotspot, attackers can’t read it.

The Bottom Line

The fake Wi-Fi hotspot scam has been around for two decades, and it still works because it preys on human nature. We all want to get online quickly and for free. But with a little caution, you can avoid becoming the next victim of this simple, yet costly, cybercrime.

Categories: News, U.S. News, Video

Related Posts