Jumio, a credentials management company, is calling for consumers to be wary which Wi-Fi network they are connecting to at their local coffee shop. The danger of fraudsters running bogus networks with the same name as the real Wi-Fi network is revealed in new research from Jumio in its soon to be released white paper, The Fraudsters Playbook.
In this white paper Jumio lifts the lid on five common tricks of the trade that fraudsters use to steal identities to enable them to go on to commit fraud.
David Pope, director of marketing and payment fraud expert at Jumio, said: “Businesses and consumers alike must be aware that there are many disreputable networks posing as official networks – their only true purpose is to steal the personal details of unsuspecting Wi-Fi users.”
How does it happen?
One of the fraudsters’ latest ploys to steal identities is to sit in a coffee shop that offers free Wi-Fi to its customers and then use his or her laptop to broadcast a wireless network that’s named exactly like the venue’s official Wi-Fi. The fraudster will use that as a launching point to “get to know” their ID theft victim. Here’s how the fraudster does it:
1. The fraudster sits in a coffee shop using his or her laptop to create a Wi-Fi hub that’s identically named to the venue’s legitimate Wi-Fi hotspot.
2. Customers and coffee lovers log onto the fraudsters hotspot, which contains malware that allows the fraudster to access their machine whilst he is sitting a scant few metres away.
3. The fraudster accesses the customer’s online accounts by hacking their password using cryptography tools such as Cain & Abel, all while he sips a latte and smiles over at his victim.
4. The Customer leaves the coffee shop and the fraudster moves onto his next coffee drinking victim, all the while amassing access to online accounts for banking, retail, and social media, ready for exploitation.
Current fraud stats show that the US economy loses in excess of $100bn annually to fraud, a pattern which is mirrored in other countries such as the UK. The UK economy lost £52bn in 2012 from fraud, 41% if which was accredited to online attacks2.
Pope said: “At Jumio we’re dedicated to making online and mobile transactions quicker and safer. Our computer vision solutions enable businesses to transact with their customers as if they were stood right there in front of them. With Jumio, businesses utilise their customer’s webcam or device camera to scan and validate payment cards and identity documents and even check that the face on their identity documents is actually the same face as the customer behind the transaction.
Tony Sales, convicted fraudster turned fraud prevention consultant, said: “This is one of the fraudsters’ favourite ID theft exploits as it yields rich data that they can use to conduct fraud straightaway. hey sit around in coffee shops for half a day and get 50 or so identities with passwords to their targets’ online grocery shopping, their online bank accounts and other transactional sites. Then it’s time to get back to base to leverage this data and get spending.”
What places should consumers think twice about before connecting to an unsecure Wi-Fi network? Here are the top five locations for online identity theft:
1. Coffee shops and restaurants: between interviews and lunch meetings, food and drink establishments are notorious for attracting both unsuspecting workers logging on to get work done and fraudsters looking for easy targets
2. Airports and other transportation hubs: the large amount of travelers making the most of their gate times online has become a goldmine for fraudsters
3. Hospitals and doctors’ offices: given the potential of using a shared network to access or view personal information like medical records and payment records, medical offices can also serve as a prime spot for identity theft
4. Libraries and bookstores: both of these establishments are places where people commonly go online to get work done, connecting to a shared network and putting their information at risk
5. Apartment buildings: while residents are often encouraged to password-protect their personal wireless networks, many people leave their networks free of password protection in favor of convenience. This choice often puts people at risk in their own homes