Wi-Fi and mobiles
Trusted Wi-Fi or ‘protected’ wireless networks offer a trusted level of security. They have the advantage of only allowing authorised access through the use of a secure username and password. RMIT’s free Wi-Fi "RMIT– University" is an example of a protected and trusted wireless network.
Public Wi-Fi access is considered an insecure network for online activities. Public hotspots allow many people within a specified area to login to the same network. For example, anyone sitting in the vicinity of the local coffee shop that has ‘free Wi-Fi’ can access that network to connect to the internet. Even if it uses a password, it is still considered a public network because anyone can enter the password.
The first step for any hacker is simply getting on the same network that you’re using. Whether the network password is provided by the barista at the counter or printed on a sign at your hotel, once it is public, your security can be compromised.
1. Check the Wi-Fi network name
A common form of attack at public hotspots is for a hacker to set up a rogue hotspot in the general vicinity of a legitimate one. It will likely have a similar name to fool you into selecting it instead.
If the rogue network is chosen from your device, all of your emails, site logins and social media activity can be routed through the hacker’s network, where they can be monitored and collected. Before connecting to any hotspot, ask for the full network name and carefully check that it matches the one you see in your device’s Wi-Fi menu. Don’t just choose the strongest Wi-Fi signal.
2. Save important transactions for trusted networks
Why take chances if you don’t have to? For things like banking and financial transactions where the potential losses are significant, it’s wise to reduce the risk and use more secure connections. Play it safe when dealing with any sensitive data or information that matters.
3. Look for ‘https’ in the address bar
If you see the https prefix in your browser web address bar, it’s a good thing. It means the session between the web server and the browser on your device is encrypted. Any information you send or receive via the site would appear as gibberish in the event that it was intercepted.
Financial, email and social media websites should all have https enabled, as should online shopping web pages where you login, view account information or provide payment details.
4. Use myDesktop
RMIT’s myDesktop service operates just like a virtual private network (VPN). It essentially adds an extra secure, physical barrier that ensures all browsing traffic and communications you access through it are encrypted - regardless of the website or app you’re using.
Any data you send via myDesktop is encrypted and sent through RMIT’s servers, before then being passed onto the web. This means that only garbled data would be intercepted if your Wi-Fi was compromised. And as direct communication with the web is through RMIT’s servers, there’s a level of anonymity too.
5. Forget the network when you’re done
Once you’ve finished using a public Wi-Fi network, make sure you go into the W-Fi settings on your device and choose the forget network option. If you have your device set to automatically connect to Wi-Fi, there’s a risk it may connect without your knowledge in the future, whenever you come into range.
Professionals today are uploading more information to their mobile devices than ever. Phishers have taken notice and are targeting mobile users specifically with a tactic called ‘smishing’. Smishing is a form of phishing that’s sent via SMS text message to your mobile device.
Like a spear phishing email, a smishing message will usually appear to come from a legitimate organisation, asking you to click on a link or provide specific information in reply. A common tactic asks you to reply or click on a link to confirm enrolment or unsubscribe.
By clicking the link, you run the risk of automatically downloading a malicious file to your mobile, such as a keylogger that can be used to steal your personal information. Alternatively, the smish text might urge you to call a specific phone number, which will charge you at an excessive rate when called.
To keep yourself safe from smishing, keep these tips in mind:
- If you don’t recognise the phone number, search online to see if it has been reported as a scam.
- You can block the sender to prevent further communication.
- Standard text-messaging rates may apply if you respond.
- If your phone number is linked to an online profile, smishers can tailor their message to your interests.
In general, it’s best to avoid responding to any unsolicited text message from a sender or phone number you don't recognise. Exercise caution when reading text messages and you can avoid compromising your mobile device.