Please sign in to post.

Free WiFi can come at a cost-anyone use a personal VPN?

I just returned from Spain. While I was browsing one of my social media accounts in the airport lounge, or on the plane, or somewhere with free wifi, my account was hacked and I was locked out because the hacker changed my log in credentials. I was able to get it resolved-but it took 5 days and stress.

We are traveling more. Anyone use their own VPN? If so, recommendations? (when I was working for a company that had security on everything, I had to use their VPN).

Just a word to anyone-- believe it or not, people are cruising the internet looking for an open door into your accounts. Make sure you have a strong password, don't reuse them, change passwords regularly. I had a strong password but hadn't changed it within the last year--I've learned my lesson. This was the only account where I didn't have 2 factor authentication.

Posted by
8613 posts

I do not use a dedicated IP address, but I do log on and use wi-fi via a VPN. I use NordVPN, whenever I boot up, log into WIFI, and Nord automatically activates and provides security.

My wife is indifferent, but then she realized that by choosing a US based server, she could log into our Hulu and Netflix accounts to watch her usual shows, so now she is a fan.

Posted by
3371 posts

Whether I am traveling or at home, I always log on with Surf Shark. I feel secure and it works well .

Posted by
9415 posts

I had a strong password but hadn't changed it within the last year.

Just curious what you consider strong. I use a password manager that creates very strong passwords (usually 8-14 random characters, letters and numbers), and I've never had any of them hacked into.

Posted by
876 posts

It doesn't matter how strong your password is if someone is sniffing your insecure connection....

Strong passwords matter when someone is trying to hack into your account knowing your
login and has some info about you that allows them to use a password generator that can
generate variants on the info about you they know.

Posted by
70 posts

I don't necessarily always use a VPN, but I don't do anything that requires me to put in a password when I'm on public wifi.

Posted by
17346 posts

I recently switched to Nord VPN and couldn't be happier.

My former service was slow and quite often had difficulty connecting.

With Nord I can watch Amazon Prime and Pluto.

Posted by
438 posts

I do not use a dedicated IP address, but I do log on and use wi-fi via a VPN. I use NordVPN, whenever I boot up, log into WIFI, and Nord automatically activates and provides security. My wife is indifferent, but then she realized that by choosing a US based server, she could log into our Hulu and Netflix accounts to watch her usual shows, so now she is a fan.

Thx Paul--this is great to know! I'll check out Nord.

Posted by
438 posts

We use Surfshark whenever we travel. We are quite happy with it.

Salbeachbum -Thx, I'll check this one out too!

Posted by
438 posts

Whether I am traveling or at home, I always log on with Surf Shark. I feel secure and it works well .

Good point, Phillip-- I usually just keep wifi off and use my cellular, but that uses up alot of data and then will eventually slow down when I exceed the 5G allotment. The VPN would be handy like at a hotel, Starbucks, etc--

Posted by
438 posts

I recently switched to Nord VPN and couldn't be happier. My former service was slow and quite often had difficulty connecting. With Nord I can watch Amazon Prime and Pluto.

Frank-another vote for Nord-- my husband is also Mr. Amazon Prime, so he'd like this.

Posted by
438 posts

It doesn't matter how strong your password is if someone is sniffing your insecure connection....Strong passwords matter when someone is trying to hack into your account knowing your
login and has some info about you that allows them to use a password generator that can
generate variants on the info about you they know.

Shoeflyer--another learning experience here.

I thought if I had strong passwords, that would be a pretty good defense. What do you mean by "sniffing around the internet?" So anything you look at, someone could be able to just jump into an account without credentials?

Posted by
262 posts

What kinds of devices are people talking here, any?

Posted by
438 posts

This would be any device that utilizes the WiFi. Phones, iPads, surface, laptops.

Posted by
438 posts

I use Express VPN when I travel domestically or overseas.

Great, another option to consider. Thx Laurie Beth.

Posted by
8613 posts

What kinds of devices are people talking here, any?

Basically any device that you log into wi-fi at a hotel, cafe, airport, anywhere. While when you use wi-fi you think you have privacy, you don't. A bad actor can use software to spy on devices using that wi-fi hub.

Mostly what they can see is the traffic, what websites are accessed and what is keyed in to access sites. So worst case, they may know you accessed your bank website, your user name, and your password. This is one reason why websites now recognize your devices, use 2FA, and other security measures. A VPN provides a secure encrypted connection to a server, most allow you to select a server, which could be located anywhere in the world, so the websites you visit may think you are located in Dallas, TX (for example) though you may be in Cordoba, Spain.

If you connect via data, like on your phone, or a hotspot via your phone, then a VPN is not really needed as your phone connection is secure. But use your phone to connect to WiFi, then you should use a VPN.

Posted by
876 posts

OP, Paul has pretty much answered the question(s) you asked in your reply.

When I say "sniffing around the internet", I mean that a hacker could access the wi-fi
portal same as you and use devious software to see what computers/phones/tablets
connected to that portal are doing. If the connections are not secure (which they
usually are not on a public wi-fi network), they can potentially decipher any traffic
that is going on.

So using a public wi-fi portal to check the scores of the game or connect to Google
Maps is not a problem, but doing anything that should be secure like accessing
any personal accounts should not be done without an added level of security,
such as VPN, 2FA, etc.

On trips, some people try to survive without a data plan and just use wi-fi in the
hotel or a museum, etc. That works fine as long as all you want to do is avoid
getting lost or see when the next train departs. But without a secure internet
connection, you're taking a big risk accessing personal accounts, which might
be an issue on a trip if, for instance, you need to attend to some personal matters
(pay a bill online, etc), or an emergency arises.

Having strong passwords is an excellent practice and you should not stop doing that,
but the main reason for that is so that a hacker cannot guess your password if they
know your login or email address. Many people use easy-to-guess passwords like
"1234" or their birthdate. That is where strong passwords will protect your accounts.

Finally, since the other end (the bank, Amazon, etc) know your login/password credentials,
if the bank security gets breached and the hackers get your info that way, there's
really nothing you could have done to prevent that.

Posted by
262 posts

Throwing this link out there, with no experience.

https://www.tomsguide.com/best-picks/best-free-iphone-vpns

Exclusively I use free WIFI overseas, never cellular service, and often away from apartment or hotel, and no issues yet. I rarely if ever check bank accounts or credit card accounts while traveling, although I do get credit card spend alert notifications.

Posted by
22552 posts

Its pretty great that Netflix and AmazonPrime, etc now accept you logging in from europe with a US VPN.

Posted by
9415 posts

Strong passwords matter when someone is trying to hack into your account knowing your
login and has some info about you that allows them to use a password generator that can
generate variants on the info about you they know.

shoeflyer, that's why I use a password manager, as it generates random passwords that are not based on any personal info. Plus the password manager PW is also random, I am the only one with access to it and it is not stored on my phone or laptop.

Posted by
8613 posts

Its pretty great that Netflix and AmazonPrime, etc now accept you logging in from europe with a US VPN.

I doubt Netflix condones it, but to them, it just appears that you are logging in while in the US, to your US account, so no real flags are raised.

As for Amazon, it certainly allows you to do some things, particularly if you use their streaming service, but if you wanted to order something, they likely would require you going to the Italy site, if you were in Italy, for delivery in Italy, not the US site. If I need e-books, I have always been able to access my account while in Europe, without a VPN, and download books, or order items for delivery in the US from the US site.

As for the various streaming sites, the reason they block use, or the streaming of specific shows, is due to copyright agreements and licensing. Many US TV shows are not licensed for viewing in Europe, the VPN is a work-around to showing a European IP address. If you want to be exact, you could check the terms of service agreement from the streaming service, but you are likely firmly in a grey area. Many streaming services likely are working to detect VPNs, but unless they block specific IP addresses, there is little they can do.

Posted by
1 posts

I use nord VPN and so thankful for the extra protection. I have it on my phone, imac and macbook as well.

Posted by
1068 posts

We travel with two VPNs. Hotspot Shield and VyprVPN. Vypr is more user friendly and easier to find a server than Hotspot, but we get Hotspot because of the password manger that we use. Also, it does have a Houston server if we need to access.

Posted by
438 posts

Shoeflyer and Paul--thanks for the enlightenment for all of us. You never think about this, I knew that free wifi isn't always the best and thankfully I didn't access anything financial or personal except I had accessed LinkedIn. I don't go on very often and LinkedIn took my account down within seconds of me notifying them of the breach, which I caught right away because I happened to be on email when I got the password change email. (I had my husband check my LinkedIn profile while all this was happening).

I would also like to add "social engineering." Replying to who is your favorite teacher, or what song was popular when you were in high school, those little doll things to create a likeness, posting your pet's name, if someone gets into your account they can literally create a clone of you or they can figure out a password. Many people use pet names, kids names, hobby names in email passwords.

I had to take alot of cyber security information protection classes in my prior work and learned that emails get shadowed in the dark web and you don't even know you are being shadowed. it only takes seconds and days to figure out a password. I had a few clients where I would receive a request for money. I knew these were fake emails and told my clients to change their email password. Dark web sees who you get email from, where you bank, who you deal with, etc.

My LinkedIn password should've been changed because it had appeared in a security breach on another site. Duh on me. But who would bother with my dinky little account I rarely use, right?

https://www.alterahealth.com/2023/09/hackers-are-taking-your-password-seriously-you-should-too/

Posted by
2 posts

Just returned from My Way Italy and used Nord VPN- signed up for a month and felt very secure when using local WiFi. Of course, still didn’t sign in to bank accounts etc.

Posted by
173 posts

I would just say also to check your carrier as my Google Fi phone service on my iPhone, provides a VPN as part of their service and my home internet has one thru xfinity/comcast.

Posted by
22552 posts

Paul, so thr VPN is used to trick the likes of NetFlix and streaming services and get around those pesty, illegal and unconstitutional terms of service agreements that we agree to.

Posted by
22552 posts

As for Amazon, ... if you wanted to order something, they likely
would require you going to the Italy site, if you were in Italy,
for delivery in Italy, not the US site.

That's not true. Maybe better choices from one of the European sites, but the US site will show you products that will ship to your European address. I havent done it yet, but I suspect that if I order from Amazon.com (US) it will be shipped out of the EU so no customs or cross atlantic shipping ... but not certain. Not every country has an Amazon site. I generally use the German (Amazon.de) or the Polish (Amazon.pl) as they are EU. But at least here in Hungary, expect to wait 2 weeks for any order to arrive.

My Amazon Prime and Netflix work fine without using VPN to give the false impression that I am in the US. The lineup is a little different, but not much, especially on the hot titles. If i did want the US version, I could use my US phone data plan and the hotspot for my laptop. I also use my US phone data plan to get to state websites for things like DL and professional licensing.

As for free WiFi, ain't nothing in life free. I use my data plan.

Posted by
421 posts

We use Windscribe which has a limited free option. We pay for a subscription that covers multiple devices and has better service.
That's a hard lesson to learn, sorry it happened!

Posted by
482 posts

The VPNs mentioned so far seem fine. But "free VPN" is well known scam. The people running the VPN can access your traffic so you'd better have reasonable reasons to trust them.

I used NordVPN on my only trip to Europe just before Covid. I had a problem in that several Hotel wifi's were so slow that NordVPN would silently fail. Apparently it needed a certain minimum speed for the connection which the hotel didn't have (Venice, Florence once or twice). Once I figured it out I'd use it on a higher speed network for needed stuff and leave it off for general browsing.

I'm sure it's better now. Both NordVPN and the various wifi networks.

Posted by
1320 posts

I had accessed LinkedIn. I don't go on very often and LinkedIn took my account down within seconds of me notifying them of the breach

I have a suspicion of what might have happened, a type of man-in-the-middle attack. My guess could only happen if you weren't using the LinkedIn app on your device. Did you search for LinkedIn in a web browser and then login when the LinkedIn page was presented?

Posted by
438 posts

I have a suspicion of what might have happened, a type of man-in-the-middle attack. My guess could only happen if you weren't using the LinkedIn app on your device. Did you search for LinkedIn in a web browser and then login when the LinkedIn page was presented?

Interesting you mention this, John. I turn off most of my email notifications because I don't want to be bombarded, especially when on the road. I was bored, going through email, and I had one from LinkedIn. I hadn't looked at it for awhile and I've been following a couple of events, so I open the email. Usually I use apps for everything--rarely do I go to a webpage itself when I have my ipad or iphone.

I went through my deleted emails folder to find if and when I had an email from linked in and if it coincided to this breach event. I saw the last one I had opened from LinkedIn. The link in the email takes you to the website, not the app. So apparently I logged on thru the email link.. The very next day (depending on time zones and when exactly the next day is) is when my account was compromised. I'm in Spain and the log in is supposedly somewhere in the state of Georgia.

It sounds that you are web savvy--how does using an app differ from actually opening up the webpage in a browser? Thx!

Posted by
1718 posts

It sounds more like the email you clicked a link in wasn't from LinkedIn and the website it took you to wasn't LinkedIn.

Posted by
1320 posts

I'm out of explanations if the capture happened after following a link in an email, assuming its a legitimate email. My story only works if you searched for linkedIn in the address bar or a search engine and then logged in to the website.

Apps in general are safe since they'll only use https (encrypted) connections and know the encryption key certificate of the server so they can recognize spoofs. But if you clicked on a link in a legitimate email then it should have used https as well, and for big websites such as linkedIn the browser should have saved the encryption key certificate so it would recognize a spoof attempt. Anyway, sorry this happened to you and glad you were able to resolve it.

Posted by
482 posts

Might have something to do with it(May 25th). There are also reports of North Korea's Lazarus Group also joining in on the linkedin attacts:

https://impulsec.com/cybersecurity-news/linkedin-account-hacks/

[snip]
Reports have surfaced across various forums and social media channels, highlighting a significant surge in LinkedIn account hacks breaches over the past 90 days. Cyberint, a cybersecurity research firm, published a report detailing the alarming upward trend in search queries like “LinkedIn account hacked” and “LinkedIn account recovery,” which grew by over 5,000%.

Users worldwide have reported losing control of their accounts, with some being coerced into paying a small ransom to regain access. LinkedIn, a Microsoft subsidiary, has yet to make a public statement about this burgeoning issue, leaving many users feeling frustrated and vulnerable.

Posted by
438 posts

Oh Wow-- this is when it happened. I got the "successful email change" on May 28th.

This is exactly what happened-- totally locked out due to email and password being changed by the hacker. I was going round and round with LinkedIn offshore (I'm assuming given the names of the customer service people I was dealing with) then all of a sudden I'm hearing from another department that was most likely based in the US. (based on the names).

I was wondering if there was a security breach at LinkedIn, because I knew I wasn't spoofed ( I always check for https) when I signed in. I also had a long password combination. Now this article backs up my hunch.

Nonetheless-- this was a wake up call. I thought I was pretty savvy, but I think we have all learned alot from the posts here, at least I have!

Posted by
482 posts

This is just a report of a lot of people saying (kinda) they've been linkedin hacked. Could be your situation, could be something else. I'd heard of this in a couple places but not seeing public reports on it that much yet.

In any case, I wouldn't suggest you get your cybersecurity "best practices" from random guys (like me) on the internet. But there are well known sites that are worth paying attention to, Krebs comes to mind. But there are others as well. This is from (old) linkedin itself:

https://www.linkedin.com/pulse/hackers-spree-hijacking-linkedin-accounts-some-cases-monetizing

edit: The use of identical language in the two posts does make me wonder a bit. I'm thinking the first article was an AI piece that pulled from the second (older) one. Don't know.