How Hackers use Public Wi-Fi to Steal Information…

How Hackers use Public Wi-Fi to Steal Information…

Reading Time: 4 minutes18th October 2022 | Modified: 13th January 2023

Categories: Security

coffee cup

Wi-Fi is everywhere. Buses, trains, cafes and pubs of course. It’s at the gym, taxis, shopping centres, the list goes on. Hold on a minute, just let me check my bank statement, whilst I’m enjoying a mocha coffee. As they say, I’ll just pop in my password, which is the heart of the problem.

Sitting in a public Wi-Fi zone, it is so easy to log onto what you believe is a secure free public wi-fi hotspot. But, you had better believe it, cybercriminals are everywhere, waiting for you to make the simple mistake of sending important information over a fraudulent unsecured network. Some relevant private piece about you, that only ‘you’ would know. Can they do that? Yes, they can. Armed with just a few simple software tools, cybercriminals can capture that information right out of the sky without you knowing it.

Cybersecurity has become the hottest IT topic on the planet,
simply because no one is safe from it

Don’t believe me? OK, try this:

Pop into your local coffee shop, sit anywhere you like and set your mobile phone up as a mobile hotspot. I know where you’re going with this, “that won’t work” I hear you say. Customers will be able to see it’s a private individual mobile phone masquerading as a coffee shop. I can see it says iPhone and not log on to it! I won’t be spoofed! OK, just give me two minutes to change things around, OK now look. (Have a look at the picture below if you don’t believe me)

I had my colleague set up their mobile phone as a hotspot and change the hotspot’s name to that of Coffee Cafe. I then logged on to the ‘free wi-fi’ service with my mobile phone, thinking it to be safe. Scary, isn’t it?

We can all be so busy, can’t see a staff member to ask a question about the wi-fi, and everyone seems logged on, that we just accept it and log on. This kind of cybercrime is called a man-in-the-middle attack (MITM). It’s sometimes called a Honeypot or an Evil Twin crime. As the name suggests, a hacker sits between you and your intended web business and will present their copy version of a popular website.


How does the crime take place? Who doesn’t like to shop using an E-commerce site? Or pop on to their social media account, to see what’s happening in the world? So, you log onto the hackers’ version of your favourite website, and they pop something up on your screen, something that you just can’t say no to? For example, a weekend hire of an Electric sports car for £10 per day. Might you just whip out your credit card for that discount, and innocently provide all your important personal details to the cybercriminal? It’s that simple, to get caught up in the moment.

Isn’t the best crime perpetrated, when nobody knows that it’s been done?

So, how can I keep my browsing safe?

Top 5 tips to help you keep safe from Wi-Fi fraud

1. Check if the site you should be looking at has an HTTPS address first. It’s a level of protective confidentiality, to ensure you have a private online experience, so check this first.

2. Use a Virtual Private Network (VPN), it essentially is a way of encoding all your information and sending it down a secure tunnel into your company’s server. The great thing about it is that it scrambles all your information, thus hiding all your online activity and your location, from cybercriminals plus it’s simple to set one up.

3. Shoulder surfing. Most people know about “shoulder surfers”. Ever gotten money out of a cash machine? Well over the years we’ve all learned how to physically position ourselves so that someone cannot see over our shoulders as we punch in our numbers. Sitting at a coffee table is a little harder, as we often sit away from the screen. But the principle is the same. Protect how you log in; make it difficult to see what details you’re entering.

4. Use Two-Factor authentication, (or 2FA) it’s an absolute must-have in the war against cybercrime. Typically, as you log into a network/portal, a confirmation code is sent to your mobile phone. You can only gain access by entering the code. Yes, it takes a little longer, but it’s a good encryption technology to have on board in the fight against cybercrime.

5. Disable file sharing – When you are in a public situation, this is a big no-no. And Airdrop! Give that a miss, wait till you’re somewhere safe.

Is WPA3 the future of Wi-Fi?

WPA3 (Wi-Fi Protected Access 3) certainly is the next step in mainstream wireless network security. It uses cutting-edge security protocols to reduce the earlier vulnerabilities, inherently found within earlier Wi-Fi systems. WPA3 comes with increased authentication processes (whether you use a personal or an enterprise network). WPA3 limits password guessing and protects against brute force dictionary attacks, prevent passive eavesdropping by encrypting traffic at all times and lots of other security protocols, are designed to safeguard your Wi-Fi conversations when it comes to sending information through the airwaves from your favourite coffee shop.

Be smart using Wi-Fi

Don’t ever access financial or any kind of important information if you think you can’t do it securely. Don’t download anything you don’t have to. If you’re not sure, don’t do it, otherwise, it might end up being a really expensive coffee.

At CNC we have a number of Security Services that help our customers protect their business from cybercriminals. Please do not hesitate to contact us on 01273 384100 for further details or email

Categorized as Security

By Gary

Gary has always focused on making sure the most appropriate solution is provided to help customers, not just what's new and shiny. With over 30 years in the IT industry Gary has the experience to tell the difference between something that's game-changing or is just a passing fad!