Mobile technology boosts a connected cafe culture – consumers feel safe and comfortable checking Facebook, sending and receiving emails, downloading pictures, shopping online, conducting mobile banking and even accessing sensitive documents over public Internet connections. Often, consumers are unaware of the severe cybercrime risks posed by these seemingly harmless tasks.
To help consumers avoid online fraud and malware risks, ThreatMetrix has identified several scenarios of how cybercriminals can access sensitive transactions on public networks.
Network scanners – A network scanner detects open ports on a device that's connected to a network. A cybercriminal can integrate a network scanner with hacking tools to automatically exploit system vulnerabilities, giving the fraudster complete control of a cafe customer's device.
Man-in-the-Middle – Hackers use off-the-shelf or other devices configured as "hotspot honeypots" to intercept a user's Internet connection, granting the hacker full access to the user's network connection. This allows them to launch man-in-the-middle attacks such as website redirection, session hijacking and other network-based attacks.
Social hacking – Cybercriminals can leave a malicious USB drive on a cafe table for an unsuspecting, curious customer to insert it into his or her device. The attacker can then capture sensitive information, such as social network logins.
Hi-res video cameras on mobile phones – Cybercriminals can subtly use a hi-resolution video camera on a mobile device to capture a nearby user's activity. For example, a consumer may enter his or her credit card information or Gmail login into a device while waiting in line, without knowing the cybercriminal is capturing a video of the credentials.
The most effective way for consumers to keep their banking and other personal information protected is to alter the type of behavior and business they conduct in coffee shops and similar environments. Consumers must also make sure to frequently update their operating system and anti-virus software when prompted to do so.