Canadian Bankers Association - Fraud Prevention Tip

October 2010

October is Cyber Security Awareness Month: Be Aware of WiFi Hotspot Scams

October is Cyber Security Awareness Month and Canada's banks have teamed up to participate in this international effort to help consumers protect themselves and their computers from cyber crime. To help you stay safe while you're online, this month we look at WiFi hotspot scams.

Whether you're on a vacation at a resort, waiting in the airport or sitting in a coffee shop, it's often possible to connect to the Internet through a wireless network provided by the property owner. Sometimes these will be offered for a small fee and sometimes they will be free. But be careful: sometimes free "WiFi" can be a scam perpetrated by criminals hoping to steal your personal information.

In general, this is how the WiFi Hotspot scam works:

  • Users will browse their network connections to find a wireless network in the area
  • You find a network that calls itself "Free WiFi", or something similar, and decide to connect
  • This "Free WiFi" network is not really a hotspot, but a computer-to-computer network that might have been set up as a trap
  • While you can use the Internet as normal, the attackers have set up their computer to let you browse the Internet through their computer's connection ‑ as a result, they can see everything you do online

This trick is especially problematic if you're visiting websites that require you to enter financial information, like a credit card number, bank account number or passwords. Since the attackers can see everything you're doing online, they now may have access to your sensitive financial information.

Also, if you've set up your laptop to allow file sharing, the attackers can access personal files and data on your laptop, and possibly install spyware on your computer.

Beware of evil-twin hot spots

Sometimes criminals will set up a real hot spot near a café that provides WiFi for customers with the sole purpose of stealing personal information. Ask the business' staff if there is a hot spot available and get the name from them. Only connect to that network, and if you see two hot spots with the same name, don't connect to either. One might be a so-called "evil twin" set up to trick you into connecting to the phony hot spot.

How to Avoid a WiFi Scam

The easiest way to protect yourself from WiFi fraud is to not connect to any free wireless networks. If you're in a coffee shop, airport or hotel that has a legitimate WiFi connection for a small fee, it's worth the price for peace of mind. If you choose to take advantage of free WiFi availability, here are some things to keep in mind.

  • Never connect to a "computer-to-computer" network. When choosing a wireless network, check out the description of each one. A normal wireless network is simply called "wireless network" not a "computer-to-computer" network.
  • If you have Windows XP, make sure that XP never connects to an ad hoc network by doing the following:
    • Click the wireless icon in the System Tray.
    • Click Change advanced settings.
    • Select the Wireless Networks tab.
    • Click Advanced.
    • Select Access point (infrastructure) networks only.
    • Click Close, and keep clicking OK until the dialog boxes disappear.
  • Use HTTPS to access webmail and avoid protocols that don't include encryption.
  • Turn off your computer's file sharing capabilities when using free WiFi Internet in a public area. The instructions will vary slightly depending on what computer system you're using (Windows 2000, Windows XP, etc.), but in general this is how to turn off file sharing.
    • Click on the Start button and then select Settings > Control Panel
    • Click on the Network Connections icon
    • Right-click Local Area Connection and select Properties
    • Select File and Printer Sharing for Microsoft Networks
    • Click the Uninstall button
    • Click Yes in the window that appears
    • Click Close
    • Restart your computer

For more information on this and other fraudulent scams please visit the following website: Royal Canadian Mounted Police.

For more fraud prevention tips from the Canadian Bankers Association or to sign up to receive new tips by e-mail please visit the Fraud and Security section of the Canadian Bankers Association website.

Do you have an idea for a future fraud prevention tip? Send us an e-mail with your idea to FraudPreventionTips@cba.ca.


Thank you for subscribing to the Canadian Bankers Association’s Fraud Prevention Tip.

Canada’s banks take the issue of privacy, security and fraud prevention very seriously. They work hard to prevent their operations and customers from being used for any kind of financial crime and to raise awareness about the ways that customers can protect themselves.

As a consumer, you also have an important role to play in preventing fraud. This month we'll look at how to recognize a WiFi Hotspot scam and avoid becoming a victim.

Canadian Bankers Association logo