{"id":180226,"date":"2025-09-30T14:41:20","date_gmt":"2025-09-30T14:41:20","guid":{"rendered":"https:\/\/www.newsbeep.com\/au\/180226\/"},"modified":"2025-09-30T14:41:20","modified_gmt":"2025-09-30T14:41:20","slug":"as-an-ethical-hacker-i-cant-believe-the-risks-people-routinely-take-when-they-access-the-internet-in-public","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/au\/180226\/","title":{"rendered":"As an ethical hacker, I can\u2019t believe the risks people routinely take when they access the internet in public"},"content":{"rendered":"<p>In the modern world we are all constantly connected, but this comes with risks. As most <a href=\"https:\/\/www.tandfonline.com\/doi\/full\/10.1080\/08874417.2023.2221200\" rel=\"nofollow noopener\" target=\"_blank\">cybersecurity specialists<\/a> will tell you, the biggest vulnerability in any system is the user \u2013 whether at home or work. <\/p>\n<p>The <a href=\"https:\/\/www.cobalt.io\/blog\/cybersecurity-statistics-2024\" rel=\"nofollow noopener\" target=\"_blank\">most common ways<\/a> in which hackers break into systems are via attacks on users such as phishing, rather than by breaching technical infrastructure. As <a href=\"https:\/\/www.cobalt.io\/blog\/cybersecurity-statistics-2024\" rel=\"nofollow noopener\" target=\"_blank\">much as 94%<\/a> of all malware is delivered via email, while phishing is the primary means of attack <a href=\"https:\/\/www.cobalt.io\/blog\/cybersecurity-statistics-2024\" rel=\"nofollow noopener\" target=\"_blank\">in 41%<\/a> of all incidents. 
This risk is also increasing, with <a href=\"https:\/\/www.cobalt.io\/blog\/cybersecurity-statistics-2024\" rel=\"nofollow noopener\" target=\"_blank\">75% of<\/a> security experts reporting an overall rise in cyberattacks year on year in 2023.<\/p>\n<p>Many corporate IT teams have been <a href=\"https:\/\/www.tandfonline.com\/doi\/abs\/10.1080\/08874417.2020.1712269\" rel=\"nofollow noopener\" target=\"_blank\">spending heavily<\/a> on training users to be more wary of such attacks. However, this has tended to focus on best practice in the workplace. In public areas, where people\u2019s guards might be lowered, it\u2019s quite a different story.  <\/p>\n<p>I\u2019ve recently seen several examples of this for myself. As a certified <a href=\"https:\/\/www.linkedin.com\/posts\/chris-hawkins-mbcs-bsc-hons-msc-pip2-ceh-m-cei-ecm-76082a19b_hacking-ethicalhacking-ethicalhackingtraining-activity-7098398977317842944-gS96\" rel=\"nofollow noopener\" target=\"_blank\">ethical hacker<\/a> with years of experience in cybersecurity and contributing to cybercriminal investigations, I can\u2019t tell you how easy it is for these kinds of situations to be exploited by bad actors. <\/p>\n<p>In the first incident, I was in a shop buying some household items. While I queued, staff were asking customers for email addresses to send them e-receipts for their items. 
<\/p>\n<p>            <a href=\"https:\/\/images.theconversation.com\/files\/623849\/original\/file-20241007-15-ykw938.jpg?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip\" rel=\"nofollow noopener\" target=\"_blank\"><img decoding=\"async\" alt=\"Woman on her phone\" class=\"lazyload\" src=\"https:\/\/www.newsbeep.com\/au\/wp-content\/uploads\/2025\/09\/file-20241007-15-ykw938.jpg\"  \/><\/a><\/p>\n<p>              \u2018Yes to the discount code.\u2019<br \/>\n              <a class=\"source\" href=\"https:\/\/www.shutterstock.com\/image-photo\/young-pretty-woman-holding-smartphone-using-2249452169\" rel=\"nofollow noopener\" target=\"_blank\">Insta_photos<\/a><\/p>\n<p>This might sound innocent, and it\u2019s surely better for the environment than paper receipts, but it could easily be exploited by a savvy hacker who might be listening. Combined with contextual information such as location, item and cost, they could craft a phishing email that would probably fool most people. It could be an invite to complete a feedback survey, for instance, or a discount code for their next visit to the same store. <\/p>\n<p>On another occasion I was at a live concert. While we waited for the show to begin, an individual in front of me was browsing his phone. From observing for just a short time, I ascertained his name, job, address, vehicle, phone number and even bank balance. Again, this could have been used by a hacker in a number of malicious ways, including posing as the individual to steal their identity or even coercing them to act against their employer, say <a href=\"https:\/\/www.digitalforensics.com\/blog\/blackmail\/the-ultimate-guide-to-handling-hackers-blackmail-threats\/#:%7E:text=Hackers%20can%20blackmail%20individuals%20by%20gaining%20unauthorized%20access,to%20even%20simpler%20tactics%20like%20guessing%20weak%20passwords.\" rel=\"nofollow noopener\" target=\"_blank\">by threatening<\/a> to reveal sensitive information. 
<\/p>\n<p>We therefore all need to be mindful of the information that we are exposing to strangers when we are in public. Equally, we need to think about what devices we are using, and what we are connecting them to. <\/p>\n<p>Unsecured network risks<\/p>\n<p>While at the same concert, I saw numerous people connecting to the stadium wifi, which was totally unprotected and required no authentication. When you log in to an unsecured network, it <a href=\"https:\/\/www.tomshardware.com\/networking\/australian-police-arrest-hacker-who-created-evil-twin-wireless-network-to-steal-data-during-flights\" rel=\"nofollow noopener\" target=\"_blank\">exposes your device<\/a> to risks such as <a href=\"https:\/\/www.kaspersky.com\/resource-center\/preemptive-safety\/evil-twin-attacks\" rel=\"nofollow noopener\" target=\"_blank\">evil twin attacks<\/a>. <\/p>\n<p>Evil twin attacks involve the attacker creating a wifi hotspot, which can be set to any name they choose, such as \u201cstadium wifi 2\u201d or whatever. When an unprotected device connects to this network, the attacker can potentially steal the data they are transmitting. <\/p>\n<p>It can also be used for other nefarious purposes such as snooping on confidential networks, injecting malware into downloads or \u201cman-in-the-middle\u201d attacks in which the hacker poses as the other person in a communication, again usually to steal information. <\/p>\n<p>People can be exposed to similar threats on unsecured networks through another hacking ruse known as <a href=\"https:\/\/www.avast.com\/c-packet-sniffing\" rel=\"nofollow noopener\" target=\"_blank\">packet sniffing<\/a>. This is where a hacker uses a program to monitor the data moving over the network and steal information. 
<\/p>\n<p>            <a href=\"https:\/\/images.theconversation.com\/files\/623852\/original\/file-20241007-19-zqydz6.jpg?ixlib=rb-4.1.0&amp;q=45&amp;auto=format&amp;w=1000&amp;fit=clip\" rel=\"nofollow noopener\" target=\"_blank\"><img decoding=\"async\" alt=\"Wifi logo in digital illustration\" class=\"lazyload\" src=\"https:\/\/www.newsbeep.com\/au\/wp-content\/uploads\/2025\/09\/file-20241007-19-zqydz6.jpg\"  \/><\/a><\/p>\n<p>              Connecting now \u2026<br \/>\n              <a class=\"source\" href=\"https:\/\/www.shutterstock.com\/image-photo\/young-pretty-woman-holding-smartphone-using-2249452169\" rel=\"nofollow noopener\" target=\"_blank\">Alexander Supertramp<\/a><\/p>\n<p>You can avoid these risks by logging in from a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Virtual_private_network\" rel=\"nofollow noopener\" target=\"_blank\">virtual private network<\/a> (VPN), not that I saw anyone doing that at the concert. More generally, people can protect themselves from identity theft by, for instance, having <a href=\"https:\/\/www.csoonline.com\/article\/569867\/9-top-anti-phishing-tools-and-services.html\" rel=\"nofollow noopener\" target=\"_blank\">anti-phishing systems<\/a> in their inboxes. <\/p>\n<p>However, the easiest defence of all is to be alert to the risks and take sensible precautions in public. By protecting your data and devices, no matter where you are, you can avoid becoming one of the victims.<\/p>\n","protected":false},"excerpt":{"rendered":"In the modern world we are all constantly connected, but this comes with risks. 
As most cybersecurity specialists&hellip;\n","protected":false},"author":2,"featured_media":180227,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[64,63,237,105],"class_list":{"0":"post-180226","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-internet","8":"tag-au","9":"tag-australia","10":"tag-internet","11":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts\/180226","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/comments?post=180226"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/posts\/180226\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/media\/180227"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/media?parent=180226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/categories?post=180226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/au\/wp-json\/wp\/v2\/tags?post=180226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}