With the latest in smart phones, tablets and wireless web access, staying connected has never been easier. The power of wireless computing and communications puts information and resources just a click away at home or at our favorite coffee shop.

But a new survey of Washington web surfers shows the freedom and convenience of wireless access may come at a cost. Nearly half of Washington Internet users failed a quiz about online and wireless safety, while many admit to engaging in activity on their mobile devices that could put them squarely in the sights of hackers looking to steal their personal information.

The new AARP report, “Shady Signals,” shows the majority of Washington adults (73%) access the Internet every day, with a quarter (25%) of online users saying they use free Wi-Fi once a week or more. “The availability of free Wi-Fi at just about every coffee shop, hotel, or public gathering place offers limitless surfing possibilities for online users on-the-go,” says AARP State Director Doug Shadel. “But we’re often trading our own data security for that convenience, and our report shows Washingtonians are ill-prepared to meet the challenges of sophisticated con artists and hackers.”

To help Washingtonians stay safer online, AARP has joined with the Attorney General’s Office, Microsoft and the Federal Trade Commission to launch the “Cyber Safety” campaign. More than 200 consumers attended the launch event on May 12 at the Museum of Flight in Seattle. At the event, Shadel underlined some of the risks of mobile computing by showcasing a few safety demonstrations done in cooperation with NCC Group, a global information security specialist. Shadel showed how simple it is to set up and execute some fairly common attacks known as a “Man-in-the-middle” attack or an “Evil Twin.”

In a “Man-in-the-middle attack,” a malicious user inserts himself between two parties in a communication and impersonates both sides of the exchange. The attacker then intercepts, sends and receives data meant for each user, such as account numbers or passwords. Such an attack occurs most commonly when people are using free or unsecured Wi-Fi connections.

Hackers use a “Evil Twin” to lure unsuspecting people in, connecting with them through a fake access point. Once someone connects, the hacker can capture email or other connections and possibly access the files or information the user shares. “Think of the last few times you connected to free Wi-Fi at a coffee shop, airport or hotel,” says Shadel. “Did you check in with staff to confirm the connection was legitimate before signing on? Few people do.”

“It’s frightening how simple it is for someone to pull off these attacks,” says Shadel. “But what’s more frightening is just how little Washingtonians know about how to keep their devices and information safe.” According to the survey, nearly half of respondents (46%) failed a quiz about online and wireless safety. Four-in-ten respondents (40%) did not know the following:

It is NOT okay to use the same password on more than one site even if it contains a complex mix of letters, numbers and symbols.
Even if you are not using the Internet, if you’re in a location with a public Wi-Fi network, you should disable your wireless connection.
It is NOT safe to access websites with sensitive information, such as banking or credit cards, while using public Wi-Fi network, even if the website is secured by https.

And more than 8 in 10 (82%) did not know that “The most up-to-date security for a home Wi-Fi network is NOT WEP- Wired Equivalent Privacy.” In fact, it is advised to use WPA2 wireless encryption for better protection.

In addition to not knowing WEP is an out-of-date security protocol for routers making it vulnerable to hackers, three quarters (75%) of those with Wi-Fi at home admit they have no idea of what type of encryption software they have. According to Christopher Burgess, a local online security expert and CEO of Prevendra Inc., simple and fairly cheap software is readily available online that allows people to scan and identify vulnerable networks. “It’s common for hackers to purchase software and engage in a practice called ‘war driving,’ allowing them to drive through neighborhoods intercepting and identifying personal Wi-Fi networks,” said Burgess in his presentation at the Cyber Safety event. “They can then zero in on networks with out-of-date security or those with no protection at all.”

“Unfortunately a little knowledge, or lack thereof, can go a long way towards making you vulnerable,” says Federal Trade Commission Regional Director Chuck Harwood. “Without an understanding of the possible pitfalls of mobile computing and free Wi-Fi, consumers can unknowingly step right in to a scammer’s trap.”

AARP’s survey showed Washington online and wireless users are engaged in a number of risky activities.

Among those who say they use free public WiFi, a quarter of respondents (25%) say they have banked online using free public WiFi in the last 3 months.
Similarly, more than 1 in 5 (22%) who use free public WiFi have purchased a product or service over free public Wi-Fi using a credit card.
Among those who access the Internet with a smart phone, one in four (25%) say they do not have a passcode on that phone, and over one-third (35%) of those ages 50 and older say they do not have a passcode on their phone.
Experts say that a defense against hackers breaking into online banking accounts is to change account passwords once every 3 months. AARP’s survey shows that among those who have set up online access to their online banking accounts, four in ten (41%) say they have not changed their passwords in the past 3 months, with 14% saying they have not changed their password in more than two years (5%) or ever (9%).

“When it comes to scams, prevention is the best protection for consumers,” says Attorney General Bob Ferguson. “As technology changes, scam artists are constantly finding new ways to conduct cybercrime. The ‘Cyber Safety’ campaign will help consumers spot cyber scams before they fall victim and help them take preventative steps to protect against fraud.”

“Microsoft is pleased to partner with AARP on this campaign,” said Courtney Gregoire, Senior Attorney, Microsoft’s Digital Crimes Unit. “It is important that Washingtonians feel safe and secure when using any technology, and the first step is understanding there are simple, yet important precautions to take to help secure your computer, and the information on it.”

For more information about the “Cyber Safety” campaign, visit www.aarp.org/wa. Additional events are planned for June 10 in Spokane, October 7 in Kennewick and October 8 in Yakima. Also check out more consumer protection tips and sign up for fraud alerts from the AARP Fraud Watch Network at www.aarp.org/fraudwatchnetwork.

If you believe you are the victim of a scam, file a consumer complaint with the Washington State Attorney General’s Office at www.atg.wa.gov/file-complaint.

AARP engaged Alan Newman Research to conduct this telephone survey among 800 Washington adults 18+ from April 2-11, 2015. The margin of error is +/- 3.5 percent. A full copy of the report is available at http://www.aarp.org/WAStateFraudSurvey or by contacting AARP Communications Director Jason Erskine at 206-517-9345 / jerskine@aarp.org