Wi-Fi scam: Hackers set up ‘free’ Internet hot spots to steal traveler info

Travelers on the go want to stay connected more than ever.

While it might be tempting to log into the first Wi-Fi hotspot that doesn’t require a password, security experts caution that those “free” access points might actually be run by hackers trying to get your personal information.

“Your videos, your social security number, your insurance information, your credit card information, mobile payments, they’re [hackers] after that information,” Verun Kohli, vice president of Skycure, a mobile defense firm, told NBC.

In addition to SSL decryption, which allows cyber criminals to capture user information, hackers also use SSL stripping, a method that allows attackers to downgrade HTTPS URLs to non-secure HTTP URLs. Malicious Wi-Fi destinations are everywhere.

Kohli says there are hundreds of potentially dangerous networks around the world's top tourist destinations, and nearly one out of 10 suspicious networks reportedly features the term “free” within the hotspot’s name.

Skycure recently mapped popular tourist spots around the country most prone to insecure Internet access points. New York City’s Times Square tops the list. Disneyland in Anaheim, Calif., Notre Dame in Paris, the Las Vegas Strip, and the area around St. Peter’s in Vatican City are also big destinations where hackers try to take advantage of tourists desperate for a connection.

Even for networks that are secure, many users—up to 92 percent according to NBC-- do not fully read the fine print in the disclaimer, which often grants the network access to your personal information and browser history.

Kohli used a medical analogy to explain the risk factor of logging on to a Wi-Fi spot that appears suspicious.

“The safest way not to get sick, is not shake hands with sick people,” the digital security explained. In other words, if a “free” Wi-Fi connection seems too good to be true, it probably is.