Identity Fraud on Caffeine! The Threat of the Coffee Shop

Jumio Inc, a next-generation credentials management company, is cautioning users to be wary of which Wi-Fi network they are connecting to at their local coffee shop. The danger of fraudsters running bogus networks with the same name as the real Wi-Fi network is revealed in new research from Jumio in its soon to be released white paper, “The Fraudsters Playbook.”

David Pope, director of marketing and payment fraud expert at Jumio, asserts, “Businesses and consumers alike must be aware that there are many disreputable networks posing as official networks — their only true purpose is to steal the personal details of unsuspecting Wi-Fi users.”

Click through for more on how fraudsters are using bogus Wi-Fi connections to steal user ID and login information, as identified by Jumio, Inc.

One of the fraudsters’ latest ploys to steal identities is to sit in a coffee shop that offers free Wi-Fi and use a laptop to broadcast a wireless network that’s named exactly like the venue’s official Wi-Fi. The fraudster will use that as a launching point to “get to know” their ID theft victim.

Here’s how the fraudster does it:

1. The fraudster sits in a coffee shop using his or her laptop to create a Wi-Fi hub that’s identically named to the venue’s legitimate Wi-Fi hotspot.
2. Customers and coffee lovers log onto the fraudster’s hotspot, which contains malware that allows the fraudster to access their machine while he is sitting nearby.
3. The fraudster accesses the customer’s online accounts by hacking their password using cryptography tools such as Cain & Abel.
4. The customer leaves the coffee shop and the fraudster moves onto his next coffee-drinking victim, all the while amassing access to online accounts for banking, retail and social media, ready for exploitation.

Current fraud stats show that the U.S. economy loses in excess of $100 billion annually to fraud, a pattern that is mirrored in other countries such as the UK. The UK economy lost £52bn in 2012 from fraud, 41 percent of which was accredited to online attacks.

Tony Sales, convicted fraudster turned fraud prevention consultant, said, “This is one of the fraudsters’ favorite ID theft exploits as it yields rich data that they can use to conduct fraud straightaway. They sit around in coffee shops for half a day and get 50 or so identities with passwords to their targets’ online grocery shopping, their online bank accounts and other transactional sites. Then it’s time to get back to base to leverage this data and get spending.”

What places should consumers think twice about before connecting to an unsecure Wi-Fi network? Here are the top five locations for online identity theft:

1. Coffee shops and restaurants: Between interviews and lunch meetings, food and drink establishments are notorious for attracting both unsuspecting workers logging on to get work done and fraudsters looking for easy targets.
2. Airports and other transportation hubs: The large amount of travelers making the most of their gate times online has become a goldmine for fraudsters.
3. Hospitals and doctors’ offices: Given the potential of using a shared network to access or view personal information like medical records and payment records, medical offices can also serve as a prime spot for identity theft.
4. Libraries and bookstores: Both of these establishments are places where people commonly go online to get work done, connecting to a shared network and putting their information at risk.
5. Apartment buildings: While residents are often encouraged to password-protect their personal wireless networks, many people leave their networks free of password protection in favor of convenience. This choice often puts people at risk in their own homes.