The summer travel season is upon us, and that means many people will connect to public Wi-Fi hotspots at airports, hotels, cafes, restaurants, bus stops and more. Unfortunately, public networks have become targets for hackers who use them to infiltrate connected devices.

A compromised network can allow a hacker to intercept, read and modify the internet traffic that passes through it. They can then leverage this for a number of purposes, ranging from stealing passwords to downloading malware onto victims’ phones and laptops.

Be Cautious on Public Wi-Fi

Open Wi-fi hotspots are difficult to secure because anyone can connect to them without any sort of authentication. This gives cybercriminals two avenues of attack:

Hack an existing Wi-Fi network.

The hacker gains access to a router that broadcasts an open network. If the router was not properly secured, it likely has some holes in its security that could allow a someone to access the router firmware console. Many router owners never change the default username and password used to access the console administrator’s account. From the console, the hacker can take complete control of the network.

Create a fake Wi-Fi network.

In this case, the hacker creates a Wi-Fi hotspot from their smartphone or other device and gives it a deceiving name, such as “Starbucks Wi-Fi.” Any unsuspecting person who believes they are connecting to internet provided by Starbucks actually sends all of their data straight to the bad guy.

Even if a Wi-Fi network requires a password that you must obtain from staff on premises, it doesn’t mean the network is secure. A hacker could just as easily obtain the password to join the network or create a fake Wi-Fi hotspot with an identical name and password. Research shows nearly two of every five Wi-Fi hotspots in the U.S. is inadequately secured. Essentially, the only network you should trust is one you set up yourself.

Wi-Fi Attacks

Once a hacker has successfully compromised an open Wi-Fi hotspot, they can carry out a number of attacks and spying activities on the people and devices connected to it.

Eavesdropping

Eavesdropping is the most straightforward attack. The hacker uses a network sniffing tool like to filter and comb through any unencrypted data sent through the network. They can spy on emails, messages, search queries, web page requests and more, looking for any information of value such as passwords or financial info.

Man In The Middle (MITM)

Man-in-the-middle attacks are perhaps the most prevalent threat when connected to public Wi-Fi. The hacker acts as a relay between the victim and the internet, spying on and potentially modifying the data sent back and forth. MITM attacks can be used to steal information, force users to watch more ads, deliver malware and perform other attacks.

Domain Name System (DNS) Spoofing

DNS spoofing occurs when the hacker alters a DNS nameserver’s resolver cache to divert traffic to an unintended destination. In plain English, that means the victim is redirected to a website they did not intend to visit. This can be used by the hacker to redirect victims to phishing websites, which often look identical to official, legitimate websites, but are operated by hackers. The goal is to trick the victim into entering their password or other sensitive information that is then sent to the hacker.

How to Protect Yourself

Now that you know the threat that public networks can pose, you can take steps to protect yourself.

Always Check for HTTPS

Website URLs that contain “https://” at the beginning, often accompanied by a green padlock, encrypt all the data sent back and forth between a web browser and the website. They use SSL encryption to scramble the contents of your data before it leaves your device, making it impossible for a hacker on the Wi-Fi network to decipher.

Use a Virtual Private Network (VPN)

A VPN is a service that encrypts all of a device’s internet traffic and routes it through an intermediary server in a location of the user’s choosing. A VPN grants numerous benefits to users and is particularly useful to people who have to use public Wi-FI while traveling for work or fun.

The encryption part of a VPN is similar to what you get when you visit an HTTPS site. Anyone who happens to intercept internet traffic between the smartphone or laptop and the VPN server won’t be able to decipher its contents, including Wi-Fi hackers.

Nor can a hacker determine where that traffic is headed; they can only see encrypted data headed to a VPN server, but not the actual website.

Both of these perks are applied to all websites and applications on the VPN-connected device. VPNs that include DNS leak protection should also guard against aforementioned DNS spoofing attacks.

VPNs come in many shapes and sizes, but the most reputable are paid subscription services. Each provider typically makes its own apps for smartphones and computers, which you can download and install upon signing up. Once that’s done, just pick a location and connect. After the connection is established you can use the internet as you normally would.

Finally, know that mobile data connections are generally more secure than public Wi-Fi. If you have a smartphone with working data where you travel, use that to take care of any sensitive online tasks. If you need to use a laptop, you can turn on your phone’s mobile Wi-Fi hotspot to create a more secure connection to the internet. Just make sure to secure it with a strong password!

HTTPS websites are also verified by a certificate authority. When your browser sees this certificate, it ensures the user that they are communicating with the real website and not an imposter, such as a phishing site.

Most websites use HTTPS these days, but not all. Sometimes websites have both HTTPS and non-HTTPS versions available.

HTTPS websites encrypt the contents of internet traffic sent to and from a site, but they don’t conceal the address of the website itself, so a hacker could still see what websites you access.

Author Bio Paul Bischoff is a privacy advocate and the editor of Comparitech, a security-focused tech services review site. He’s been covering IT-related subjects for multiple outlets since 2012 and is passionate about privacy, free speech and net neutrality.