Shady Signals—Washington Wireless Users Unaware, Unprepared for Online Attacks

With the latest in smart phones, tablets, and wireless web access, staying connected has never been easier. The power of wireless computing and communications puts information and resources just a click away at home or at our favorite coffee shop.

But a new survey of Washington web surfers shows the freedom and convenience of wireless access may come at a cost. Nearly half of Washington Internet users failed a quiz about online and wireless safety, while many admit to engaging in activity on their mobile devices that could put them squarely in the sights of hackers looking to steal their personal information.

The new AARP report, Shady Signals, shows the majority of Washington adults (73 percent) access the Internet every day, with a quarter (25 percent) of online users saying they use free Wi-Fi once a week or more.

"The availability of free Wi-Fi at just about every coffee shop, hotel, or public gathering place offers limitless surfing possibilities for online users on-the-go," says AARP State Director Doug Shadel. "But we're often trading our own data security for that convenience, and our report shows Washingtonians are ill-prepared to meet the challenges of sophisticated con artists and hackers."  

To help Washingtonians stay safer online, AARP joined with the Attorney General's Office, Microsoft and the Federal Trade Commission on a "cyber safety" public information campaign. At a recent event, Shadel underlined some of the risks of mobile computing by showcasing a few safety demonstrations done in cooperation with NCC Group, a global information security specialist. Shadel showed how simple it is to set up and execute some fairly common attacks known as a Man-in-the-middle Attack or an Evil Twin.

In a Man-in-the-middle Attack, a malicious user inserts himself between two parties in a communication and impersonates both sides of the exchange. The attacker then intercepts, sends and receives data meant for each user, such as account numbers or passwords. Such an attack occurs most commonly when people are using free or unsecured Wi-Fi connections.

Hackers use an Evil Twin to lure unsuspecting people in, connecting with them through a fake access point. Once someone connects, the hacker can capture e-mail or other connections and possibly access the files or information the user shares.

"Think of the last few times you connected to free Wi-Fi at a coffee shop, airport, or hotel," says Shadel. "Did you check in with staff to confirm the connection was legitimate before signing on? Few people do."

"It's frightening how simple it is for someone to pull off these attacks," says Shadel. "But what's more frightening is just how little Washingtonians know about how to keep their devices and information safe."

According to the survey, nearly half of respondents (46 percent) failed a quiz about online and wireless safety. Four out of ten did not know the following:

  • It is NOT okay to use the same password on more than one site even if it contains a complex mix of letters, numbers, and symbols.
  • Even if you are not using the Internet, if you're in a location with a public Wi-Fi network, you should disable your wireless connection.
  • It is NOT safe to access websites with sensitive information, such as banking or credit cards, while using public Wi-Fi network, even if the website is secured by https.

And more than eight in ten (82 percent) did not know that "The most up-to-date security for a home Wi-Fi network is NOT WEP—Wired Equivalent Privacy."  In fact, it is advised to use WPA2 wireless encryption for better protection.

In addition to not knowing WEP is an out-of-date security protocol for routers, making it vulnerable to hackers, three quarters of those with Wi-Fi at home admit they have no idea of what type of encryption software they have. According to Christopher Burgess, a local online security expert and CEO of Prevendra Inc., simple and fairly cheap software is readily available online that allows people to scan and identify vulnerable networks.

"It's common for hackers to purchase software and engage in a practice called 'war driving,' allowing them to drive through neighborhoods intercepting and identifying personal Wi-Fi networks," says Burgess. "They can then zero in on networks with out-of-date security or those with no protection at all."

For Cyber Safety Tips, click on the Fraud Watch Network logo, above.

"Unfortunately a little knowledge, or lack thereof, can go a long way towards making you vulnerable," says Federal Trade Commission Regional Director Chuck Harwood. "Without an understanding of the possible pitfalls of mobile computing and free Wi-Fi, consumers can unknowingly step right in to a scammer's trap."  

AARP's survey showed Washington online and wireless users are engaged in a number of risky activities:

  • Among those who say they use free public Wi-Fi, one quarter of respondents say they have banked online using free public Wi-Fi in the last three months.
  • Similarly, more than 1 in 5 (22 percent) who use free public Wi-Fi have purchased a product or service over free public Wi-Fi using a credit card.
  • Among those who access the Internet with a smart phone, one in four say they do not have a passcode on that phone, and over one-third (35 percent) of those ages 50 and older say they do not have a passcode on their phone.
  • Experts say that a defense against hackers breaking into online banking accounts is to change account passwords once every three months. AARP's survey shows that among those who have set up online access to their online banking accounts, four in ten (41 percent) say they have not changed their passwords in the past three months, with 14 percent saying they have not changed their password in more than two years (five percent) or ever (nine percent).

"When it comes to scams, prevention is the best protection for consumers," says Washington State Attorney General Bob Ferguson. "As technology changes, scam artists are constantly finding new ways to conduct cybercrime. The 'Cyber Safety' campaign hopes to help consumers spot cyber scams before they fall victim and help them take preventative steps to protect against fraud."

"Microsoft is pleased to partner with AARP on this campaign," said Courtney Gregoire, senior attorney in Microsoft's digital crimes unit. "It is important that Washingtonians feel safe and secure when using any technology, and the first step is understanding there are simple, yet important precautions to take to help secure your computer, and the information on it."

For these and other timely consumer protection tips, sign up for fraud alerts from the AARP Fraud Watch Network at www.aarp.org/fraudwatchnetwork.  If you believe you are the victim of a scam, file a consumer complaint with the Washington State Attorney General's Office at www.atg.wa.gov/file-complaint.


AARP engaged Alan Newman Research to conduct this telephone survey among 800 Washington adults 18+ from April 2–11, 2015. The margin of error is +/- 3.5 percent. A full copy of Shady Signals: Wireless Computing and Online Safety Among Washington Internet Users Age 18-Plus is available online.