The 6 Biggest Mistakes You’re Making On Public Wi-Fi, According To Cybersecurity Experts
Public Wi-Fi is a game-changer for those who are constantly on the move, providing major convenience for frequent travelers and digital nomads who need access to the web while on the go.
Wi-Fi is a budget-friendly way to stay connected (especially if you’re traveling, since international roaming fees can get pricey). But because it’s often unsecured, public Wi-Fi can leave users vulnerable to hacking and data interception if precautions aren’t taken.
Here are some of the most common mistakes people make that expose their devices to security risks.
Mistake #1: Not verifying the network before connecting.
“Don’t assume the network you’re connecting to is the correct network,” warns Craig Taylor, CEO and co-founder of CyberHoot, a cybersecurity training platform that educates individuals on protecting themselves from online threats.
He suggests double-checking with the owner of the network that the Wi-Fi name matches the official SSID, or service set identifier, which refers to the network name, before connecting.
“Hackers will set up enticingly named fake networks. At a Starbucks coffee shop, they might call it ‘FreeStarbucksWiFi’ to intercept and manipulate unencrypted data in transit,” Taylor said. This tactic, known as an evil twin attack, involves cybercriminals creating a lookalike network to trick users into connecting, allowing them to capture sensitive data like email logins and banking credentials.
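A defender's check for the lookalike-name tactic described above, as an added example that is not part of the original article: it compares the networks a device can see against the SSID and security mode confirmed by staff. The scan entries, the official name "Starbucks WiFi" and the 0.6 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

def _norm(ssid):
    """Lower-case and keep only letters and digits so spacing and dashes don't matter."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())

def review_scan(scan, official_ssid, official_security, min_ratio=0.6):
    """Return (ssid, bssid, reason) for every network worth asking staff about."""
    target = _norm(official_ssid)
    findings = []
    for net in scan:
        if net["ssid"] == official_ssid:
            # Exact name match: the only visible difference left is the security mode.
            if net["security"] != official_security:
                findings.append((net["ssid"], net["bssid"], "same name, different security"))
            continue
        name = _norm(net["ssid"])
        # Flag names that embed the official one or are close to it after normalizing.
        close = SequenceMatcher(None, name, target).ratio() >= min_ratio
        if target in name or close:
            findings.append((net["ssid"], net["bssid"], "lookalike name"))
    return findings

# Constructed scan results; BSSIDs use the locally administered 02: prefix.
SCAN = [
    {"ssid": "Starbucks WiFi", "bssid": "02:00:00:00:00:01", "security": "WPA2"},
    {"ssid": "FreeStarbucksWiFi", "bssid": "02:00:00:00:00:02", "security": "open"},
    {"ssid": "Starbucks WiFi", "bssid": "02:00:00:00:00:03", "security": "open"},
    {"ssid": "HomeNet-5G", "bssid": "02:00:00:00:00:04", "security": "WPA2"},
]
OFFICIAL_SSID = "Starbucks WiFi"   # assumed: the name confirmed by staff
OFFICIAL_SECURITY = "WPA2"         # assumed: the mode confirmed by staff

if __name__ == "__main__":
    for finding in review_scan(SCAN, OFFICIAL_SSID, OFFICIAL_SECURITY):
        print(finding)
```

A clone that copies both the exact name and the security mode passes this check, which is why the article's advice to confirm the network with its owner still applies.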
Mistake #2: Not checking for a sign-in screen.
A key but often overlooked sign of a legitimate network is the presence of a sign-in or authentication page before you gain access, Taylor said. These pages act as a basic security measure, preventing devices from automatically connecting without user approval.
“Rogue APs or Wi-Fi networks skip steps like this, hoping your phone will auto-connect and start communicating with online accounts through apps that don’t use encrypted communications,” Taylor explained. This leaves the door wide open for hackers to intercept your data and potentially steal your login credentials.
Mistake #3: Leaving Bluetooth and AirDrop on.
It’s easy to forget to turn off Bluetooth and AirDrop when you’re not using them, but any file-sharing capabilities should be disabled whenever you’re on public Wi-Fi.
“Nearby fraudsters can easily detect and connect to your device via Bluetooth or AirDrop, giving them access to your personal data or even infecting your device with malware,” said Brittany Allen, senior trust and safety architect at Sift, an AI-powered fraud detection platform. She adds that it only takes one click on a link to install malware on your device.
“If you connect to an unknown network and are then prompted to download a file called ‘Network Access Instructions,’ think twice before doing so,” she said. “Even the simple act of downloading a PDF can introduce malware to your device, and this can happen automatically if it’s sent to you via AirDrop.”

Mistake #4: Enabling autofill on public networks.
Since many of us allow our browsers to autofill sensitive information like passwords, credit card numbers, names and addresses for the sake of convenience, a fraudster who gains access to the network can easily steal your personal data and credentials.
“Fraudsters can also create hidden fields in online forms that trick your browser into auto-filling them, giving the scammer access to your information,” Allen said.
If you need to visit a sensitive website while on public Wi-Fi, make sure it’s a trusted and well-known one. To add an extra layer of security, avoid using the same password for every account and always enable multi-factor authentication to help protect your data.
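The hidden form fields Allen describes can be spotted by auditing a page's markup. The following is an added example, not code from the article: it lists fields that autofill could populate but that the page conceals from view. The sample form is constructed, and the check covers only the `hidden` attribute and inline styles; hiding done through a stylesheet needs a browser's computed styles.

```python
import re
from html.parser import HTMLParser

# Autocomplete tokens or name/id fragments that mark data worth protecting.
SENSITIVE = re.compile(r"cc-|card|email|tel|phone|address|postal", re.I)
# Inline CSS that keeps a field in the page but out of the user's sight.
HIDING = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0\s*(;|$)"
                    r"|(left|top|margin-left)\s*:\s*-\d{3,}", re.I)
VOID = {"input", "br", "hr", "img", "meta", "link"}  # elements with no end tag

class AutofillAudit(HTMLParser):
    """Collect fillable fields that are concealed directly or by an ancestor."""
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, concealed) for each open non-void element
        self.findings = []  # name/id of each concealed sensitive field

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        concealed = ("hidden" in attrs or bool(HIDING.search(attrs.get("style") or ""))
                     or (bool(self.stack) and self.stack[-1][1]))
        # type=hidden inputs carry page-supplied values (CSRF tokens etc.); skip them.
        if tag in ("input", "select", "textarea") and attrs.get("type") != "hidden":
            hint = " ".join(attrs.get(k) or "" for k in ("autocomplete", "name", "id"))
            if concealed and SENSITIVE.search(hint):
                self.findings.append(attrs.get("name") or attrs.get("id") or "?")
        if tag not in VOID:
            self.stack.append((tag, concealed))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate sloppy markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def hidden_autofill_fields(html):
    audit = AutofillAudit()
    audit.feed(html)
    return audit.findings

# Constructed sample: a sign-up form that shows one field and conceals three.
SAMPLE = """<form>
  <input name="email" autocomplete="email">
  <input name="phone" autocomplete="tel" style="position:absolute; left:-9999px">
  <div style="display:none"><input name="cc" autocomplete="cc-number"></div>
  <input name="street" autocomplete="street-address" style="opacity:0">
  <input type="hidden" name="csrf_token" value="constructed">
</form>"""
```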
Mistake #5: Auto-connecting to unsecured networks.
Auto-connecting to public networks can leave travelers vulnerable to a variety of attacks.
“This means your device may be connecting to Wi-Fi without your awareness as you travel, allowing fraudsters to access your data and personal information without you even realizing your device was compromised,” Allen said. “You also don’t have a chance to verify the authenticity of a network, as your device may auto-connect to a fraudulent Wi-Fi hotspot that mimics a real one.”
To keep your connection secure, disable your device’s auto-connect feature for unknown or unsaved networks.
Mistake #6: Logging into sensitive accounts.
Cybersecurity experts agree that using a VPN, or virtual private network, is the most effective way to keep your data secure and encrypted when accessing sensitive accounts over public Wi-Fi, whether it’s your bank, email, social media or work.
“Network lock is a feature designed to prevent your data from being exposed should your VPN connection drop or fail,” explained Brian Cute, chief operating officer and director of the Capacity & Resilience Program at Global Cyber Alliance. He recommends choosing a VPN with a network lock feature, also known as a kill switch, to ensure your data stays protected. Cute also highlights other important VPN features to look for, such as no-logs policies, which prevent the VPN from storing your activity, and IP and DNS leak protection, which keeps your location and online activity private.
For an added layer of security, Taylor suggests using a password manager, which generates and stores strong, unique passwords for every site. This helps prevent attackers from exploiting a leaked password to access multiple accounts.
Consistently check to see if your info has been compromised.
While organizations typically notify affected users of data breaches, there are proactive steps you can take to monitor your accounts for any suspicious activity. Start by checking your recent login activity on frequently used apps, such as your Google account, which provides a summary of recent logins. If you use Safari or Google Chrome, take advantage of their built-in security notifications and Google’s password checkup tool to detect potential issues.
Cute also recommends using Have I Been Pwned, a website that checks if your email address has been involved in a known data breach. You can even sign up for alerts to stay informed about any future security threats.
“While these tips can help protect you, it’s ultimately much safer to assume that all public WiFi networks are not secure and treat them as such,” says Allen. “The best way to be safe is to use tools, like VPN, to ensure the data you send over the public WiFi network is secure and encrypted.”