FBI: Don’t Dabble with Public Wi-Fi This Holiday Season

FBI: Don’t Dabble with Public Wi-Fi This Holiday Season

The FBI has issued a warning to holiday travelers not to use public Wi-Fi on the road this Christmas because of cybersecurity concerns.

As internet users cross countries and continents to be with friends and family over the holiday period, the Feds argued that Wi-Fi hotspots should be avoided.

“Don’t allow your phone, computer, tablet, or other devices to auto-connect to a free wireless network while you are away from home. This is an open invitation for bad actors to access your device. They then can load malware, steal your passwords and PINs, or even take remote control of your contacts and camera,” it said in a “Tech Tuesday” post this week.

“If you do need to connect to a public hotspot — such as at an airport or hotel — make sure to confirm the name of the network and the exact login procedures. Your goal is to avoid accidentally connecting to a fraudster’s Wi-Fi that they are trying to make look legit.”

If using a public hotspot is unavoidable, the FBI urged users not to log-in to any sensitive accounts like their online banking. Where possible, the Bureau advised individuals to use their smartphones as a private hotspot for other devices.

Although these best practices have long been promoted by the information security community, users, including business travelers, continue to expose themselves to unnecessary risks by using public Wi-Fi without adequate security.

A 2018 study from iPass revealed that 81% of global IT leaders had recorded staff Wi-Fi-related security incidents over the previous year.

VPNs are seen as the best way to ensure traffic and web browsing sessions are protected from Wi-Fi snoopers. However, UK IT leaders were least confident (38%) that their mobile workers are using a VPN every time they go online.

The FBI warning comes just weeks after LA County’s district attorney issued a public security notice warning people not to use public USB charging points for fear of so-called “juice jacking” malware attacks.

Source: Information Security Magazine