Do you ever log on to a public Wi-Fi hotspot to check on your bank balance, transfer money or make online purchases?
If so, your personal or online banking security could be compromised in just minutes.
Santander challenged 86-year-old Alec Daniels from Hampshire to write and send a mock phishing email and hack into a public Wi-Fi hotspot as part of a campaign to raise consumer awareness of how to avoid scams.
He was able to do so in less than 17 minutes using information and guides easily available online – with the help of network security expert Marcus Dempsey.
Alec is a graduate of Santander’s ‘scam avoidance school’, which trains the over-60s in techniques to avoid being tricked by scammers and is available in all 806 of the bank’s branches across the UK.
It took Alec 13 minutes – with little input from the expert – to write an email claiming to be from fictitious company MoneySpark and asking recipients for their bank account information alongside a fraudulent link.
Concurrent research showed that 74 per cent of people have been targeted in this way.
The research also revealed that 36 per cent of people don’t have any concerns about the security of their data when using public Wi-Fi.
However, Alec was able to intercept and capture web traffic from a willing participant’s laptop while they were connected to an open Wi-Fi network – designed to replicate those found on the high street.
Under instruction, he set up a rogue access point – frequently used by attackers to launch what is known as a ‘man in the middle’ attack – to begin eavesdropping on traffic. He achieved all of this in three minutes and 40 seconds.
Santander also found that 41 per cent of people regularly use public Wi-Fi hotspots to access the internet on their phones and computers to carry out financial transactions such as checking bank balances, making online purchases or managing money transfers.
Of those people, one in ten admitted to logging on to unsecure Wi-Fi networks every day.
Chris Ainsley, head of fraud strategy at Santander UK, said: “Our experiment demonstrates just how easy it is for criminals to send phishing emails and hack Wi-Fi hotspots.
“We have seen the devastating results that fraud and scams can have on our customers and how much damage can be done if hackers get hold of even a small amount of personal detail.
“It’s great to have Alec on board to help out – having talked about scams with thousands of over-60s through our SAS it is good to get him involved to help spread the word. Raising awareness and educating people on how to protect themselves is vital to effectively tackling the criminals who ruin people’s lives.”
Below are Santander’s tips for staying safe online.
Wi-Fi hotspot protection
- Ensure a Wi-Fi hotspot is genuine: it’s easy to set up official-looking networks, so verify with shop staff before logging on. Providers can help by displaying the network name in store.
- HTTPS: If you need to use your card details online, make sure the website you are on has ‘HTTPS://’ at the start and has a green padlock against it.
- Get a Virtual Private Network (VPN): Not all sites will display the HTTPS lock symbol, but a VPN will act as an intermediary between your device and the internet server, putting up a further block for any would-be eavesdroppers or hackers.
- Forget the network: don’t just log off – ask your device to forget the network so it doesn’t automatically log on if you’re within range later.
Email protection
A genuine bank or organisation will never contact you unsolicited to ask for your PIN, full password or to move money to another account. Don’t give out personal or financial details including passwords and PINs unless it’s to use a service you have signed up to, and you’re sure that the request for your information is directly related to that service.
- Never click on a link or download anything in an unsolicited email. Doing so could let scammers infect your computer with malicious software that will swipe your personal details or could allow criminals to access your device remotely.
- If you get an email from somebody asking you to change some payment details, don’t do this without checking it out thoroughly first. The email may have been sent by a hacker rather than the genuine supplier.
Look out for tell-tale signs that an email may not be genuine, for example:
- The sender’s email address doesn’t match the website address of the organisation it says it’s from
- The email is impersonal and doesn’t address you by your name e.g. just says Dear Sir/Madam
- There are spelling or grammatical mistakes
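
The first two signs in this list can be checked mechanically by a mail filter. The Python below is an added example, not part of Santander's guidance: it flags a sender domain that does not match the organisation's website domain and an impersonal greeting, and goes one step beyond the list by also flagging links that point off that domain. The function names and the `.example` domains are assumptions made for illustration; MoneySpark is the fictitious company from the experiment.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample messages (not real mail); all domains are placeholders
# under reserved example names.
PHISH = (
    "From: MoneySpark Support <support@moneyspark-secure.example>\n"
    "Subject: Action required\n\n"
    "Dear Sir/Madam,\n\nConfirm your bank account details at\n"
    "https://moneyspark.example.net/verify to avoid suspension.\n")
GENUINE = (
    "From: MoneySpark <news@mail.moneyspark.example>\n"
    "Subject: Your statement\n\n"
    "Dear Jo Bloggs,\n\nYour statement is ready at\n"
    "https://www.moneyspark.example/statements\n")

GENERIC_GREETING = re.compile(r"^\s*dear\s+(sir|madam|customer|user|client)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def on_domain(host, org_domain):
    """True only for org_domain itself or a real subdomain, not a lookalike."""
    host, org_domain = host.lower().rstrip("."), org_domain.lower()
    return host == org_domain or host.endswith("." + org_domain)

def body_text(msg):
    """Join the text parts of a plain or multipart message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in parts if p.get_content_maintype() == "text")

def phishing_signs(raw_email, org_domain):
    """Return the tell-tale signs found, given the organisation's real domain."""
    msg = message_from_string(raw_email)
    signs = []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not on_domain(sender_host, org_domain):
        signs.append("sender-domain-mismatch")
    body = body_text(msg)
    if GENERIC_GREETING.search(body):
        signs.append("generic-greeting")
    for url in URL.findall(body):
        host = urlsplit(url).hostname or ""
        if not on_domain(host, org_domain):
            signs.append("link-off-domain:" + host)
    return signs
```

The `From` header can itself be forged, so a matching sender domain is not proof that a message is genuine; the check only catches the mismatch case the list describes.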