Working remotely from a coffee shop, quickly checking company mail at the airport or researching in a hotel lobby – these are symbols of modern flexibility and everyday life for many professionals. In these situations, public Wi-Fi networks are an invaluable convenience. However, this convenience comes at a price.
“Modern technology today gives us a huge amount of freedom to manage our finances. Unfortunately, fraudsters take advantage of this – they operate in parallel in different spaces, using a variety of digital tools and manipulation techniques. Therefore, financial education in the 21st century is very much about cyber security. It is necessary to provide the people of our country with practical knowledge that will protect them from increasingly sophisticated digital attacks.” – says Monika Wojciechowska, Plenipotentiary of the Minister of Finance and the Economy for the Financial Education Strategy.
In response to the activities of digital fraudsters, the Ministry of Finance has launched a public education campaign, Safe Zlotys, which is implemented by the THINK! Foundation. It is an initiative that focuses on practice – it teaches how to recognise the danger and respond in the event of an attack, so that each and every one of us can better protect our money and data from cyber threats.
Anatomy of a threat – why can public Wi-Fi be a trap?
To defend yourself effectively, you first need to know your opponent’s methods of operation. Threats in public Wi-Fi networks are not theoretical – they are based on specific, often simple-to-implement attack techniques.
Man-in-the-Middle (MitM) attack – the invisible middleman
This is a classic attack and one of the most dangerous. It involves a cybercriminal positioning themselves between your device (laptop, smartphone) and an access point (the router in a coffee shop). As a result, all network traffic, instead of going directly to its destination, flows through the attacker’s computer. This can be compared to a postman reading all your correspondence before delivering it. In open, unencrypted Wi-Fi networks, it is trivial for a skilled hacker to carry out such an attack.
Evil Twin – the fake hotspot trap
Imagine you enter the Green Corner café and see two names in the list of available networks: “Green_Kacik_Guest” and “Green_Kacik_FREE”. Which one will you choose? The Evil Twin attack involves a hacker creating a fake network with a name confusingly similar to a legitimate one. When connecting to it, the user is actually connecting to a hotspot controlled by a criminal. The goal is simple: to intercept passwords, form data or payment card numbers entered on unsecured sites.
From digital eavesdropping to physical threats
Fraudsters do not need to use sophisticated techniques to ‘eavesdrop’ (sniff) on data packets transmitted in unencrypted form in an open network. Moreover, one should not forget the other dangers of using the internet in a public place. Shoulder surfing, or simply peering over someone’s shoulder, is still an effective method. More sophisticated criminals can even use a hidden camera pointed at the keyboard of your laptop to intercept passwords typed in a public place.
Red flags – how to identify a suspicious network in 5 seconds?
Before connecting to any network, it is a good idea to go through a quick checklist. Any of these signals should immediately raise a red flag.
- No network encryption (no WPA2/WPA3): Modern operating systems clearly indicate when a network is ‘open’ or ‘unsecured’. There is usually a warning symbol next to its name. Connecting to such a network is like leaving the door to your digital home open.
- SSL/TLS certificate issues (no HTTPS): Even if your Wi-Fi network is password-protected, it is crucial to encrypt the connection to the website itself. Look out for the padlock symbol in the browser’s address bar before you enter any data on the website. If your browser displays a message about an invalid certificate or a connection that is not private, immediately abandon further browsing and do not enter any data on such a web page.
- Suspicious login portal (Captive Portal): Many public networks require you to log in through a special page. Be vigilant if this portal requests access to your social media profile, asks for your phone number or other unnecessary personal information. This is a common method for phishing or for building marketing databases.
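The first red flag and the Evil Twin naming trick described earlier can also be checked mechanically against a list of visible networks. The Python code below is an added example, not part of the original article or the campaign's material; the scan entries, the `red_flags` helper and the 0.7 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed scan results for illustration (not captured from a real network).
SCAN = [
    {"ssid": "Green_Kacik_Guest", "bssid": "02:00:00:00:00:01", "security": "WPA2"},
    {"ssid": "Green_Kacik_FREE",  "bssid": "02:00:00:00:00:02", "security": "Open"},
    {"ssid": "Green_Kacik_Guest", "bssid": "02:00:00:00:00:03", "security": "Open"},
    {"ssid": "Airport_WiFi",      "bssid": "02:00:00:00:00:04", "security": "WPA3"},
]
ENCRYPTED = {"WPA2", "WPA3"}  # the two modes the checklist names


def normalize(ssid):
    """Lower-case and strip separators so cosmetic differences do not hide a lookalike."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())


def red_flags(scan, threshold=0.7):
    """Return a sorted list of (flag, detail) tuples for a list of scan entries."""
    flags = set()
    modes = {}  # SSID -> set of security modes seen under that name
    for net in scan:
        modes.setdefault(net["ssid"], set()).add(net["security"])
        if net["security"] not in ENCRYPTED:
            flags.add(("open", f'{net["ssid"]} ({net["bssid"]})'))
    # The same name offered both encrypted and open: ask staff which one is theirs.
    for ssid, seen in modes.items():
        if seen & ENCRYPTED and seen - ENCRYPTED:
            flags.add(("mixed-security", ssid))
    # Different names that are nearly identical once normalized.
    for a, b in combinations(sorted(modes), 2):
        if SequenceMatcher(None, normalize(a), normalize(b)).ratio() >= threshold:
            flags.add(("lookalike", f"{a} ~ {b}"))
    return sorted(flags)


if __name__ == "__main__":
    for flag, detail in red_flags(SCAN):
        print(f"{flag:15} {detail}")
```

A flagged name is a prompt to confirm the correct network with staff before connecting, not proof that a hotspot is malicious.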
Digital hygiene in practice – your protective shield
Fortunately, there is a set of proven tools and habits that almost completely eliminate the risk.
Security foundation: VPN (Virtual Private Network)
This is by far the most important tool when working on public networks. The VPN app creates a fully encrypted tunnel for all internet traffic from your device. This means that even if someone intercepts your data in a MitM attack, they will only see a useless encrypted string. Using a trusted VPN service (corporate or commercial) is the best insurance policy for your data.
Absolute ban on sensitive operations
Follow a simple rule of thumb: if you do not have an active VPN connection, never log in to electronic banking, CRM systems, corporate mail or any service where sensitive financial or personal data is present.
A separate email address for registrations
Setting up an account to access Wi-Fi for an hour? Use a dedicated ‘junk’ email address for this purpose. This simple trick minimises the amount of spam in your primary mailbox and protects your primary address in case your Wi-Fi provider leaks your details.
Good system habits
Remember the basics: make sure the firewall on your system is active. When connecting to a new network, always select the ‘Public’ profile (in Windows), which limits the visibility of your device to others. When you are finished, always use the “Forget this network” option so that your device does not automatically connect to it in the future.
When the risks are too great – safe solutions
Sometimes the best decision is to abandon public Wi-Fi altogether. Fortunately, there are much safer options.
- Personal hotspot from your phone (tethering): Sharing the internet from your own smartphone is incomparably more secure. Data transmission takes place via the encrypted network of your mobile operator. The only downside is that the phone’s battery and data allowance are consumed more quickly.
- Mobile internet (LTE/5G modem): For those who regularly work in the field, the best investment in security and independence is a dedicated, portable LTE/5G modem or laptop with a built-in SIM card module.
The convenience offered by public Wi-Fi networks is undeniable, but it must not lull us into lowering our guard. Awareness of threats and consistent application of basic digital hygiene, with VPN tunneling at the forefront, is the most effective and simplest strategy for protecting finances – both corporate and private.
For more guidance material on how to prevent financial cyber threats, visit the Safe Zlotys campaign website.
The material was financed by the Financial Education Fund, which is administered by the Minister of Finance and the Economy, as part of the Safe Zlotys campaign and supports the implementation of the National Financial Education Strategy.