You are downtown and don’t have an EVDO/3G connection. After scanning the area, you find an SSID called Free Internet 4 You. Cool! You connect to the network, start checking your email and maybe do some financial transactions, and you’ve probably fallen into a trap. This tricky HotSpot works just like any other, but it has been designed to read your traffic, packet by packet (this is called packet sniffing). What’s the easiest thing to steal? Your email credentials, of course. The username and password are sent in clear text, so a hacker can take over your email account very quickly. If you were using a work account, you can reset the settings by contacting your wonderful IT team (who might laugh at you in secret), but if it was a free account you’ve had for years, it’s gone.
What’s worse, legitimate free WiFi, available in most coffee shops, is usually unencrypted. The guy sitting next to you drinking his coffee is virtually on the same network as you, with nothing between you and him to protect your privacy. And most of these free services don’t use either WPA or WEP security (which can be hacked in minutes anyway).
So, be careful when using HotSpots. At least financial transactions are usually done using HTTPS, so your information is a bit harder to grab. But if the hacker gets access to your email username and password, and spots a connection to your bank site, all he has to do is click the password reminder link on the site and monitor your Inbox to get some nice information.
If the protocols are available, it is highly suggested to use POP3S or IMAPS (secure encrypted versions of the POP3 and IMAP protocols). Of course, not every organization has these, so most of the time, this option is not possible.
For the ‘techier’ people, an SSH tunnel is a great alternative, and will allow one to encrypt virtually all non-secure services.
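The SSH tunnel mentioned above, applied to the cleartext mail protocols this post is concerned with, as an added example that is not from the original post. The host names, the local port numbers and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: carry cleartext POP3/IMAP/SMTP through an SSH tunnel.
# Hypothetical values: both host names and the local port numbers.
SSH_HOST="user@shell.example.com"     # trusted SSH server (assumption)
MAIL_HOST="mail.example.com"          # mail server as seen from SSH_HOST (assumption)
FORWARDS="1110:110 1143:143 1025:25"  # local:remote for POP3, IMAP, SMTP

# Accept only numeric local:remote pairs with an unprivileged local port.
valid_forward() {
    case "$1" in
        *[!0-9:]*|*:*:*|:*|*:|'') return 1 ;;
        *:*) ;;
        *) return 1 ;;
    esac
    lport=${1%%:*}; rport=${1##*:}
    [ "$lport" -ge 1024 ] && [ "$lport" -le 65535 ] &&
    [ "$rport" -ge 1 ] && [ "$rport" -le 65535 ]
}

# Build the ssh command line, one -L forward per mail service.
build_tunnel_cmd() {
    # -N: forwards only, no remote shell.
    # ExitOnForwardFailure: fail instead of running with a missing forward.
    # StrictHostKeyChecking=yes: refuse an unknown or changed host key, so the
    # hotspot cannot impersonate the SSH server. The key must already be in
    # known_hosts, so connect once from a trusted network first.
    cmd="ssh -N -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=yes"
    for pair in $FORWARDS; do
        valid_forward "$pair" || { echo "bad forward: $pair" >&2; return 1; }
        # Bind to loopback so other hotspot users cannot use the forward.
        cmd="$cmd -L 127.0.0.1:${lport}:${MAIL_HOST}:${rport}"
    done
    printf '%s %s\n' "$cmd" "$SSH_HOST"
}

# Print the command by default; pass --connect to actually open the tunnel.
if [ "${1:-}" = "--connect" ]; then
    cmd_line=$(build_tunnel_cmd) && exec $cmd_line
else
    build_tunnel_cmd
fi
```

With the tunnel up, the mail client is pointed at 127.0.0.1 on the local ports (1143 for IMAP in this sketch) instead of at the mail server. The tunnel only protects the hop between the laptop and the SSH server; traffic from the SSH server to the mail server is still unencrypted.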