Nearly every café, restaurant, spa or any public establishment now offer public Wi-Fi. It is a great convenience to save up on your cellular data. If you are in a rush, it can be tempting to check your email using public Wi-Fi.
However, before you access your email using public Wi-Fi, remember that nothing is free. Even though you are not paying for Internet connectivity right away, you pay with your personal data. According to a study conducted by the Kaspersky Security Network, 21.96% of public Wi-Fi hotspots do not use any encryption.
Public Wi-Fi provides an easy route for cybercriminals to monitor your online activities and steal your personal data. They can gain access to your business credentials and sensitive data that they can use against you.
Do you access your email using public Wi-Fi? Here are 5 risks you should be aware of.
Theft of Personal Data
The theft of personal data and information is one of the most common and severe threats of using public Wi-Fi. Identity thieves can steal information such as –
- Login credentials
- Financial information
- Personal data
When a hacker gets access to your device through compromised public Wi-Fi, they can browse through all of your information. They can store this information offline and sell it to third parties or use it against you.
One of the most commonly stolen personal information is your email address. When you access your email using public Wi-Fi, hackers get access to your address which they can then sell to third parties to add to their spam lists. It can spike up the spam emails you receive and threaten your personal email security. If you suspect your email address is exposed online, you should check your email address visibility.
To check your email address visibility, go to Sniff Email — an online platform dedicated to finding out if your email address exists on the Internet. Enter your email address in the search field and click fetch to find out if your email address exists on the web within a few seconds. Based on the results, you can take appropriate action to remove it.
Man-in-the-middle attacks are initiated by impersonating a legitimate public Wi-Fi service. For example, if you are going to use the public Wi-Fi of an establishment named Central Perk that you know to be secure, you could be mistakenly connecting to a network called “Central Park.” This way, instead of connecting to the original network, you might be connecting to the hotspot network set up by the guy in the corner to lure you in.
Using the impersonating network, you can browse the Internet like usual. But everything that you do goes through the computer of the hacker. The hacker can gain access to your login credentials, your emails, sensitive documents, etc.
Packet Sniffing or Eavesdropping
Packet sniffing or eavesdropping is exactly what it sounds like — an unwanted party creeping into your communication channel and going through every packet you’re sending or receiving. Anyone connected to the same Wi-Fi can eavesdrop on your packets if the channel is not encrypted.
When you access your email using public Wi-Fi, anyone eavesdropping can view your emails and credentials. Furthermore, they can use this information for identity theft and other fraudulent acts.
Another threat of using public Wi-Fi is, attackers can implement malware in your device through unprotected connections. This malware can be of different forms. For example, trojan horses, spyware, ransomware, adware, etc., are different types of malware. The attacker can use these types of malware to take control of your device to make it a part of their botnet or encrypt all your data and ask for a ransom. In a less severe case, they can use the malware to show you ads on websites that are not advertised by that particular website.
In the case of session hijacking, an attacker intercepts your device information and the associated connection to other services and websites. They can then use that information to configure their own devices to match yours. Once they have created a clone of your device, they can use it to hijack the connection.
Hackers can hijack your connection after you’ve logged in to your email account or bank account. It will look like your computer to the service provider’s server, so it will not alert them. So, the attackers are free to wander around your account and access all of your data. Session hijacking is an even bigger risk with remote working. Cybercriminals can use your personal accounts to infiltrate the company’s database — making it a rising threat for small to larger businesses globally.
We know that replying to that work email is urgent, and you want to get it done as soon as possible. But keep in mind that you are putting your email security at risk by accessing your email using public Wi-Fi that could cost you more in the long run. Adhere to safe Internet usage practices to protect your data.