Javascript is not enabled.

Javascript must be enabled to use this site. Please enable Javascript in your browser and try again.

Skip to content
Content starts here
CLOSE ×
Search
Leaving AARP.org Website

You are now leaving AARP.org and going to a website that is not operated by AARP. A different privacy policy and terms of service will apply.

Public Wi-Fi Scams


Public gathering spots like coffee shops, grocery stores and airports commonly offer visitors an internet connection via free Wi-Fi networks, and a lot of us take advantage of the access. In a 2018 survey by One World Identity, a strategy firm that focuses on digital identity and security, 4 in 5 U.S. respondents said they use free public Wi-Fi at least occasionally, and a third preferred it to tapping their mobile data service when out and about. 

It’s a great modern convenience, but also a risky one. Many public networks lack strong security protections, which makes it easy for tech-savvy scammers to break into them and take advantage of unwary users, especially those who are doing more than just looking up restaurants or checking the weather.

An overwhelming majority of Americans engage in activities on public Wi-Fi that could compromise their personal and financial information, like logging into social media, checking bank accounts, or entering credit card details on shopping sites, according to a 2017 report by cybersecurity company Norton. That kind of behavior increases the risk of identity theft by cybercrooks who exploit public networks’ security gaps to invade your phone, tablet or laptop. 

One common trick is the “evil twin” hack: A scammer sets up a Wi-Fi network with a name similar to the one you’re expecting to use, hoping you’ll connect to it. Another ploy is to launch a “man in the middle” attack, where the hacker takes up a position between you and the Wi-Fi access point you’re trying to use so as to intercept your data. Once they get in, hackers aim to steal passwords and credit card information or scan emails in search of sensitive personal data. 

That doesn’t mean that you should never use public Wi-Fi, but it pays to be careful and follow some basic precautions. 

Video: Public Wi-Fi Alert

Warning Signs

  • A public Wi-Fi network lets you log on without entering a password. That means it probably isn’t secure. 
  • The network has a generic-sounding name like “Free Public Wi-Fi.” 
  • You’re asked to pay to use the connection. The Better Business Bureau warns that this may be a scammer trying to get you to enter credit card information so he or she can steal it.

How to protect yourself from this scam

  • Do ask the staff at an establishment that offers free Wi-Fi for the exact name of its network, and make sure that’s the one you’re using. 
  • Do be careful about what you do on public networks. It’s generally OK to browse the web and check news, weather or traffic. 
  • Do consider tethering your laptop to your phone and using your mobile provider’s data network instead of public Wi-Fi. You may incur charges, but you’ll be more secure.
  • Do turn your Wi-Fi and Bluetooth off if you're not using them. 
  • Do use antivirus software and keep it up to date.
  • Do consider signing up for a virtual private network, or VPN, if you travel extensively or use public Wi-Fi often. It will encrypt your data, even on unsecured public Wi-Fi networks. 
  • Don’t use a public Wi-Fi network to do online banking, make purchases, check email or use social media.
  • Don't go to sites where you have to enter a user name and password.
  • Don't allow your device to automatically connect to any available Wi-Fi network. Check the network settings to make sure that function is turned off. 
  • Don’t trust that your mobile apps will be secure on a public network. The Federal Trade Commission (FTC) cautions that many apps don’t encrypt information properly. It's better to use them on your mobile provider’s data network.
  • Don’t use the same password for all of your accounts and websites. That makes it easy for a crook who steals one password to gain access to other accounts.
  • Don’t stay permanently signed in to your online accounts. Log out once you’re finished doing what you need to do.

More Resources

  • You can report identify theft, and get help with a recovery plan, at the Federal Trade Commission’s IdentityTheft.gov site. You also can call the FTC at 877-438-4338.
  • The FBI’s Cyber Crime website offers additional tips on protecting your computer or mobile device from hackers and malware. 

Unlock Access to AARP Members Edition

Join AARP to Continue

Already a Member?