News

Identity thieves steal from laptops in hotspots, but you can foil them

First published in the November/December 2009 issue of Victoria Boulevard Magazine:http://www.victoriaboulevard.com

You’re in a café with your wireless laptop or smartphone, and you’re about to type an important password. Can someone else see it? You betcha, if you haven’t taken precautions. Substantial risks exist when you use public wireless networks or hotspots. While nothing is ever completely secure, the good news is that it’s easy to make your system secure enough so that thieves will move on to someone else’s system.

The risks:

Identity theft is a real and growing problem, especially at hotspots. At home, you should have a router that includes a firewall that helps protect against intrusions. If you do not have one, install one. They are cheap (about $50), and a setup-CD easily walks you through the installation. Get a brand name such as D-Link, Netgear, or Linksys. When you hit the road, however, you’re at the mercy of someone else’s configuration. At a hotspot you could be tricked into using an unsecured bogus network. Anyone within wireless range could be running a fake site that looks like the legitimate hotspot. Instead of connecting to the Starbucks wireless network, you might connect to an information thief’s computer, and then they could scan your system for vulnerabilities and even use a key logger to record what you do.

Even legitimate hotspots have risks. An intruder could access your unprotected system, or monitor what you type. You might be redirected to a fake site, so even if the connection is encrypted, you might unwittingly send information to a thief. How can you tell? Look first at the web address for the hotspot’s logon page. Does it look right? For example, http://www.Starbucks.com/wireless looks legit, but http://192.168.0.1/freewireless does not.

Beware of typosquatting sites—for instance, www.strbucks.com. You could land on these with a simple slip of the finger. Similarly, beware of phishingactivity, in which an email message pretending to be a legitimate bank or business tries to trick you into typing your credentials on a bogus site. Lastly, guard your computer against theft. If it is lost or stolen, the finder could rifle through your files. Even a small piece of personal information is enough for identity thieves to leverage more to build a bogus credit profile using your good name.

Before you leave home:

Update your computer’s operating system at least every month, or subscribe to automatic updates. In Windows, visit www.windowsupdate.com. On a Mac, click Software Updateon the Apple menu, and then click Software Update. Make sure your virus scanner is updated. If you do not have a current virus scanner, do not leave home until you do! AVG Antivirus is free and very good. Make sure your antimalware software (also called spyware scanner) is updated. I'd recommend the excellent Malwarebytes. You can get both from http://www.ninite.com.

Make sure your laptop firewall is turned on. This differs from the router’s firewall. Current Windows and Apple operating systems include a software firewall that provides additional intrusion protection. In Windows XP, click Windows Firewall in Control Panel. In Windows Vista, click Start, type Firewall, and then press Enter. On a Mac, open System Preferences, click Sharing, and then click Firewall.

Create a "Standard user" account on the laptop for when you travel. A Standard user account has limited permissions, which helps prevent malware from doing anything drastic. In Control Panel, click User Accounts, and then click Create a new account. On a Mac, open System Preferences, and then click Accounts. Be sure to apply a strong password (using a combination of uppercase and lowercase letters, numbers, and symbols) to all accounts that can log onto the laptop. Ditto for your smartphone.

Turn off file sharing to prevent someone on the same wireless network from accessing your files. In Windows, for example, if you open My Network Places, and thenopen Microsoft Windows Network, you can see all the other computers on the wireless network. A double-click may even open them if they are not password-protected.File sharing is handy on a home network, but it’s a disaster if you are on the road. When you turn off file sharing, the computer no longer appears on the network. Look upsharing in the Help files, or search Google for "turn off file sharing" and follow the steps for your operating system.

Other precautions:

Avoid storing personal files on your laptop or smartphone. Even if the system is password-protected, a thief could remove the harddrive and access everything by using an external USB shell. File encryption is a good idea, but it has some tricky aspects and you need to do the research. Search on "how to encrypt files" in Google toget you started. If you encrypt your files on a laptop, make sure you have a backup stored elsewhere, as you may get locked out of your own files.

Password-protect documents that store sensitive data. For example, in Word or Excel 2007, click the Office button, click Prepare, and then click Encrypt Document. I keeppasswords and credit card numbers in one Excel worksheet that is password-protected. With a strong password, it’s reasonably safe.

Speaking of backups, be sure to save all important documents and photos in two locations other than the laptop, such as on an external harddrive, a DVD, or a memory stick.

If you must do financial transactions that can’t wait until home, make sure you use a secure Web page. Look for an "s" in the https:// header. For example, https://www.scotiaonline.scotiabank.com is a secure site, whereas http://www.scotiaonline.theifwashere is not. Some sites show a closed padlock symbol to indicate that the web page is encrypted. Communication sent to either is reasonably safe.

Tips while in the café:

Use a PayPal account instead of credit cards, and never write your Social Security number anywhere.

Be fast. It takes time to hack into a computer just like it takes time to trace a phone call. Write your email offline, connect only to send and receive, and then log off.

While browsing in a cafe, only visit sites you know are safe. A hotspot is not the place to wander the World Wide Web. Lastly, trust your risk intuition. You’d be surprised at how perceptive it can be.

Now enjoy that latte!