While commercial services routinely encrypt their websites so they are more secure than email, hackers are able to use “cookies” from your email and social network sites to steal credit card and other personal information. This allows hackers to “sidejack” you, pretending to be you and gaining access to your personal data.
To prevent cookie sidejacking when using public Wi-Fi, experts recommend using mail websites that encrypt data. Gmail has been encrypting its mail since January 2010. You can tell if a website is encrypted if a small padlock icon appears to the right of the site's address in the address bar of the web browser. Also, look for “https” in the URL since the “s” means that the web traffic between your web browser and the website in encrypted, and thus the site is secure from any hackers trying to intercept the message.
Internet thieves have learned how to re-direct your Internet request to a fake website where they can extract your information. Make certain you are logging into the hotel's Wi-Fi network, and not a fake hotspot. Scammers often create a name that is very close to that of the desired network, so be safe and assume any Wi-Fi connections are being monitored. Using official access keys or security codes provided by a known establishment will help protect you from false Wi-Fi sites.
Moreover, don't stay permanently signed in to accounts. When you've finished using an account, log out. The American Express website advises using the “remember your User ID” on your own computer, so when you return your User ID will automatically be entered into the Sign In box. A fraudulent website will not be able to display your User ID, letting you know you are not on the genuine website. You should not use the “Remember Me” functionality on a public or shared computer, such as those hotels make available to their guests.
Mobile device users should make certain they have downloaded all security updates for their operating systems. Use virtual private networks (vpn), which encrypt all information, making your communications more private. Using a paid Wi-Fi connection has some value as this offers an added layer of protection.
Smart phones are also prone to sidejacking attacks when the device switches from a cell phone carrier to a wireless hot spot. It is recommended that you go into the settings on your phone and turn on the encryption.
Don't pay bills, use credit cards or conduct financial transactions at public Wi-Fi hotspots. Never email your credit card information, even if a merchant is asking. Be careful which Internet links you click because some can download and launch malicious programs on your computer. Use tools such as McAfee Site Advisor to alert you to malicious websites before you click. Avoid corresponding with strangers behaving suspiciously or click on short URLs since these can hide malicious websites. Other precautions from the FTC include making sure your firewall is turned on, and your virus and malware protection are up to date.
Password protection is vital. American Express warns its members to avoid using easily available information such as date of birth, or the last four digits of your Social Security number when creating passwords and personal identification numbers. Use different passwords on your banking and brokerage accounts, and update all of your passwords regularly. Use strong passwords composed of 8 to 20 letters, numbers and symbols.
Savvy thieves have learned to use social networking websites to gain access to your valuable information. Experian ProtectMyID commissioned a study in 2011 that found one-fifth of respondents posted their travel plans on social networking sites. When data thieves get this information, all they need to do is look up a traveler's home address online and steal any mail containing information that can be used to commit ID theft.