World Cup: Beware of WLAN hotspots and e-mail scams
Many of the publicly accessible WLAN hotspots at the World Cup in Russia are unsecured - that is, without encryption. In addition, Kaspersky warns against fraudulent emails in connection with the World Cup.
Public WLAN networks are very popular with fans during major events such as the upcoming World Cup. Often, however, users do not stop at posting on social media; they also transmit sensitive information such as account data. The danger: unauthorized third parties, who do not necessarily have to be cybercriminals, could read the information and use it for their own interests.
According to an analysis by Kaspersky Lab, of the approximately 32,000 publicly accessible WLAN hotspots, over 7000 (22.4%) do not use encryption [1]. Football fans should therefore exercise particular caution when using WLAN during their visit to the World Cup. According to the available findings, some of the WLAN hotspots in the eleven venues of the World Cup in Russia operate without encryption and authentication, and thus without essential features of a secure WLAN network. Hackers could therefore intercept network traffic near the hotspots and obtain confidential information from unsuspecting users.
The highest percentages of insecure Wi-Fi hotspots were found in Saint Petersburg (37%), Kaliningrad (35%) and Rostov-on-Don (32%). The fewest insecure WLAN hotspots were found in the smaller host cities of Saransk (10%) and Samara (17%). On the positive side, a total of around two-thirds of WLAN hotspots use the WPA/WPA2 protocol for encryption, which is considered to be very secure. However, even with reliable encryption, WLANs are not immune to brute force attacks, dictionary attacks and key reinstallation attacks (KRACK).
World Cup as a popular spam and phishing topic
Kaspersky Lab also warns users about spam emails and phishing attacks in the wake of the World Cup [2]. Major events such as the summit meeting of the world's soccer elite have for years been among the most popular baits spammers use to trick users into clicking on a link to a dangerous website or to grab sensitive information such as credit card details or other personal information. The scams observed by Kaspersky Lab either promise World Cup tickets (to buy or to win in a draw) or advertise merchandise. The emails and fake websites imitate official sources, including their logos. Both cases are dangerous, because users receive neither tickets nor jerseys; instead, they run the risk of spending money on fake products or involuntarily providing sensitive information to spammers.
Secure WLAN usage
Kaspersky Lab advises visitors to the World Cup who also want to use WLAN hotspots to take the following precautions:
- Whenever possible, a virtual private network (VPN) should be used, where data is transferred via a protected tunnel and is thus not accessible to cybercriminals.
- Networks that are not password protected or whose passwords can be easily guessed should not be used.
- You should remain vigilant even when a network is protected by a strong password. For example, fraudsters could set up their own fake WLAN hotspot in a café using the password of the regular hotspot and thus steal personal data. You should therefore always ask the staff for the name and password of the customer WLAN.
- For maximum protection, WLAN should be disabled whenever it is not in use, which also extends battery life. The option to automatically establish a WLAN connection should be disabled.
- If you cannot fully rely on the security of the WLAN connection, but still need to access the Internet, you should limit your use to harmless actions such as searching for information. No access data for social networks or e-mail accounts should be entered, and under no circumstances should online banking or credit card data be entered! This prevents sensitive data or passwords from being intercepted and later misused.
- Also, the option to use only secure connections (HTTPS) should be enabled on the devices. This is especially recommended when using websites in potentially insecure environments.
Text: Kaspersky Lab