18. Unsecured or Public Wi-Fi
While phishing can be a sneaky way to steal your login credentials, using a Wi-Fi network that isn’t password protected, is public, or is lacking security can be worse. This is because you could be sharing the network with a hacker.
Let’s start with your home Wi-Fi network. If you don’t use a password or if you don’t have a properly configured firewall, you’re basically leaving the door open to hackers. Hackers use a technique known as “wardriving” to look for unsuspecting targets.
Wardriving is where hackers drive (or walk or bike, etcetera) up and down neighborhoods and look for wireless networks that aren’t password protected. When they find one, they log in and begin their dirty work.
To understand what hackers do once on your network, let’s look at public networks (Wi-Fi or wired). When you share your network with other people, you are susceptible to attack. If your computer isn’t properly secured a hacker might wreak havoc. But, more than likely they’ll never need to access your computer.
The reason hackers don’t need to actually get into your computer is because much of what we do happens over the Internet. Since they share the same network with you, there are tools hackers can use to hijack your data and passwords. Once you’ve been identified—or if you’re an unlucky random target—hackers can redirect and even change the data you send and receive. In one of my university courses, we setup fake pages to fool unsuspecting users. One of the easiest ways to do this is through DNS spoofing.
DNS is like your Internet phonebook. Websites are accessed using IP addresses (i.e. Google: 172.217.0.14). But since we can’t remember every IP address, we associate domains (www.Google.com) with these IP addresses. Your handy-dandy DNS server looks up these IPs for you to get you to the site. DNS spoofing occurs when a hacker alters your DNS table so when you type something like “Facebook.com” you end up at a site they created and they still your login information. Then, they redirect you to the actual site as if nothing happened.