Q: If I’m on a “secure” (HTTPS) website, how secure am I on a public network? Does that mean communications between my device and the site are encrypted?
— Cory Rickabaugh, Seattle
A: Good question. Yes, if you’re on public Wi-Fi and you make a connection to an HTTPS site, the transmissions between you and that site are indeed encrypted.
But you have to pay attention to make sure you’re really connecting to a legitimate site. Hackers can try to direct you to a bogus site that looks like the one you’re trying to reach, a ploy called a “man-in-the-middle” attack.
If you’re prompted to accept a certificate in trying to connect to the site, that’s a red flag. Don’t do it.
More common than man-in-the-middle attacks are fake hot spots. A hacker might be running an access point that looks like the access point of the coffee shop you’re sitting in but isn’t. And even if you connect to the right hot spot and your computer is configured for file sharing over that network, any hacker can easily access data or plant malware on your computer.
The safest thing to do is to use a virtual private network, which encrypts ALL traffic between you and all websites. (But be aware that some HTTPS sites don’t allow connections via VPNs, so you may need to suspend your VPN to make that connection.)
My recommendations: Don’t do any sensitive computing, especially that involving financial information, over public Wi-Fi. And use a VPN.
By the way, your sensitive information is far more likely to be exposed by opening infected email or clicking on links in infected websites.
Q: I read with some concern about the ransoming experience of a reader, and your response, without much help for others experiencing this problem in the future, gave me pause. Then on Sunday what appeared to be exactly the same problem showed up on my wife’s computer.
Earlier this year I had installed Malwarebytes Premium on our computers based on your suggestion, and I wondered how this type of problem was not protected by the Malwarebytes program.
I contacted their online support and Monday received a very helpful response indicating that this was an example of a “browser scareware” rather than an actual malware. They provided directions on how to address the problem and remove this problem from her computer, and also directed us to “https://blog.malwarebytes.com/tech-support-scams/” to read more about these types of issues and how to address them.
The solution they provided appears to have worked fine and my wife (and I!) are very relieved. Perhaps this information might be useful to your other readers who might experience this problem in the future.
— Richard C., Seattle
A: Yes, there’s a big difference between actual ransomware and “browser scareware.”
The former actually locks up your data until you pay ransom, and often the culprits don’t unlock the data even if ransom is paid. Scareware, as the name implies, simply aims to trick the user into thinking their computer is infected and that you need to contact the “repair service” to fix it.
The simple message is this: be skeptical of pop-up messages. And it’s simple to tell if you’re really infected with malware since you won’t be able to access your data files.