Agony! My Phone Got Hacked at a Football Game!

My family loves our local football team. We’ve been die-hard fans since we were children.  And as season ticket holders, we rarely miss any home games.  However, the last game was a nightmare for me.  Not because my team played poorly, but because my phone got hacked.

I used the public Wi-Fi at the stadium to purchase a tee shirt for my granddaughter.  Of course, I had to key in my credit card number like I always do. But, because I was using public Wi-Fi, my card number was revealed and stolen.  I didn’t find out until my statement came through with charges for items I never purchased.  Luckily, I was able to file a claim with VISA, so I didn’t have to pay for the false charges. They canceled my card and issued me a new one.  However, now I wonder what else the hacker found.

I learned my lesson.  I’ll never use public Wi-Fi for shopping or anything else that could jeopardize my privacy. I also did some research about using public Wi-Fi.  This is what I learned.

When using public Wi-Fi, you should only send information to websites that are fully encrypted. Most Public Wi-Fi hotspots don’t encrypt the information you send over the Internet and aren’t secure. A secure wireless network encrypts all of the data you send over that network.  Public Wi-Fi doesn’t.  Encryption keeps your personal information secure when you’re online. It scrambles the data you send over the Internet into a code so others can’t view it. Don’t send you confidential information over public Wi-Fi unless the website you’re visiting is encrypted. An encrypted website protects the information you send to and from that site.

Whenever you send an email, share photos and videos, or use social networks over unsecured public Wi-Fi your information can be exposed.  Wow, I didn’t know this, did you?  I upload photos to Facebook all the time using public Wi-Fi. And emails too!  I’ll be very careful now to only do this over a secure Wi-Fi network.

The way to know that a website is encrypted is the https at the beginning of the web address. Sites with HTTP aren’t encrypted.  Most banking sites use encryption to protect your information as it travels from your computer to their server. However, it’s important to know that some websites only use encryption on the sign-in page and not the rest of their web pages. If you provide confidential information on a page that isn’t encrypted your account can get hacked.  So, make sure every webpage has https at the start of the web address.

Mobile apps don’t have an indicator like https, so you know that a website is secure. Another “Wow.” I never thought of this when accessing websites from my smartphone. I check for https when using my computer, but not when using my phone. Many mobile apps don’t encrypt information properly, so you shouldn’t use your mobile apps on unsecured Wi-Fi. If you want to use a mobile app to send confidential information, make sure you use a secure wireless network. You can also use your phone provider’s 3G or 4G data network.

If you use an unsecured network to log in to an unencrypted site other people using the same network can see what you’re entering.  They can even “hijack” your session and log in as you! Evidently, the hackers have access to free tools to do this.  They don’t need to be “computer geeks” to do this. They use these free tools to steal login credentials, personal information and even documents you send via email or messaging. Even worse, the hacker can use your accounts to scam other people on your contact lists. What a nightmare! I’ve emailed everyone I know to warn them that this might happen.

Remember to use two-factor authentication. This requires two pieces of information (a private password and code) before you can log in to your account.  The best websites and services support two-factor authentication. This way, even if a hacker gets your password due to a security gap in public Wi-Fi, they still won’t be able to log into your account.

Make sure the public Wi-Fi name is legitimate. Hackers set up fake ones to trick you into signing onto their fraudulent site. The name will look similar to the real one. So, scrutinize the name and make sure you’re not signing onto a malicious network.  If you do, your device is literally in the hands of the hacker. When I’m in a coffee shop or doctor’s office, I always double check with an employee to make sure I’m signing onto the right network.

The US Government’s Federal Trade Commission has some great info on how to protect your information when using public Wi-Fi.  Here’s what they say you should know:

• When using a hotspot, login or send personal information only to websites you know are fully encrypted. To be secure, your entire visit to each site should be encrypted – from the time you log in to the site until you log out. If you think you’re logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
• Don’t stay permanently signed into accounts. When you’ve finished using an account, log out.
• Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
• Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings and keep your browser and security software up-to-date.
• Consider changing the settings on your mobile device so it doesn’t automatically connect to nearby Wi-Fi. That way, you have more control over when and how your device uses public Wi-Fi.
• If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees. What’s more, VPN options are available for mobile devices; they can encrypt information you send through mobile apps.
• Some Wi-Fi networks use encryption: WEP and WPA are common, but they might not protect you against all hacking programs. WPA2 is the strongest.
• Installing browser add-ons or plug-ins can help. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren’t encrypted. They don’t protect you on all websites — look for https in the URL to know a site is secure.

I learned my lesson about using public Wi-Fi the hard way. I hope this information helps to keep you safe when online.