Aware360 Pro – Module 12: Safe Use of Public WiFi & Devices (Expanded)

Module 12 • Public WiFi & Device Security • Aware360 Pro

Safe Use of Public WiFi & Devices

Airports. Coffee shops. Hotels. Schools. This module shows teens and adults how to stay safe on public WiFi, avoid device cloning, stop hotspot scams, and protect phones, laptops and payments.

📶 Public WiFi & Evil Twins

🎭 Man-in-the-Middle (MITM)

📱 Device cloning & juice jacking

🛡️ VPN – what it does & doesn’t do

🔐 Hotspots, QR codes, Bluetooth, NFC

🏨 Hotel WiFi, TVs & printers

🧠 10Q + 20Q quizzes

📘 Module Overview

Public WiFi and shared devices are built for convenience, not safety. This module turns “just connecting” into “connecting with a shield on”.

    Big idea: Assume public networks are hostile. With a few habits – VPN, verified networks, safe charging, locked devices –
    you can still use them without handing attackers your life.
  

What this module covers

Public WiFi risks, Evil Twin hotspots and MITM attacks.
Device cloning, “juice jacking” and fake chargers.
Safe browsing habits, HTTPS, and browser hygiene after public WiFi.
QR code traps, Bluetooth/AirDrop risks, NFC & contactless payments.
Hotel WiFi, smart TVs, printers and remote work in public places.

Who this is for

Teens gaming, streaming or scrolling on school / café / fast-food WiFi.
Adults working from coffee shops, trains, airports, hotels.
Travellers connecting “just for a second” to check email or banking.

Most people never realise they were hacked on public WiFi.

📶 Public WiFi Basics & Risks

Public WiFi isn’t free. You pay with risk. Your job is to shrink that risk as much as possible.

Typical public WiFi locations

Coffee shops, fast-food chains, shopping centres.
Airports, train stations, buses.
Hotels, hostels, holiday parks.
Schools, colleges, libraries.

Main dangers

Open networks (no password) – anyone can see traffic.
Fake networks (Evil Twins) pretending to be the real WiFi.
Attackers sniffing unencrypted traffic or logins.
Redirects to fake login pages to capture credentials.

If a network is open and unknown – act as if someone is watching everything.

Safer connection habits

Always ask staff for the exact WiFi name.
Prefer networks that use WPA2 / WPA3 with a password.
Turn off “auto-join” / “auto-connect” to public networks.
Use mobile data instead of public WiFi for sensitive tasks if possible.

What to avoid doing on public WiFi

Online banking (unless using a trusted VPN).
Accessing sensitive work systems or client data.
Logging into email or main social accounts on unknown networks.
Typing passwords into pop-up captive portals that look suspicious.

If it would be painful to lose, don’t do it on unknown WiFi.

🎭 Attacks, Evil Twins & Man-in-the-Middle

Not all WiFi is what it says it is. Some networks are dressed up traps.

Evil Twin hotspots

Attacker creates “Costa_Free_WiFi” or “Hotel-Guest-WiFi” that looks official.
You connect by mistake instead of the real network.
All your traffic goes through the attacker’s device first.

Man-in-the-Middle (MITM) basics

Attacker sits between you and the internet – a hidden middleman.
Can read, log or alter unencrypted traffic.
Might steal session cookies (“remember me” logins), not just passwords.

To you, everything looks normal. To them, your traffic is an open book.

What they can steal or change

Logins from apps or sites not using proper HTTPS.
Password reset links sent via email.
Session tokens that let them impersonate you.
Web pages – they can inject their own forms or adverts.

Defence against Evil Twins & MITM

Confirm network name with staff – never guess based on signal bars.
Use a reputable VPN whenever you’re on public WiFi.
Check for https:// and the padlock before entering passwords.
Log out and change important passwords if something feels off.

VPN + verified network + HTTPS = strong defence on public WiFi.

📱 Devices, Charging & Physical Risk

Your phone and laptop are targets – not just online, but through cables, chargers and hands.

“Juice jacking” & fake chargers

Public USB ports can be modified to steal data or install malware.
Fake “fast chargers” may actually be data exfiltration tools.
Some malware pretends to be a normal device to your phone.

If a charger asks for access to your files – unplug.

Safe charging habits

Use your own power brick plugged into a mains socket wherever possible.
Carry a USB data blocker for travel (charges power only, no data).
Never accept random chargers or power banks from strangers.

Safe laptop use in public

Always lock the screen (Win+L / Ctrl+Cmd+Q) when you stand up.
Use a privacy screen to stop shoulder-surfers reading your work.
Disable auto-login to critical apps on shared or public networks.
Don’t leave laptops on tables while ordering or going to the toilet.

Physical device theft & loss

Use a strong passcode + biometrics (Face ID / fingerprint).
Turn on “Find My Device” and remote-wipe features.
Set devices to auto-lock quickly when idle.
Enable automatic wipe after multiple failed passcode attempts.

Assume your device may be lost or stolen at some point – plan for that day in advance.

📡 Hotspots, QR Codes & Hidden Traps

Attackers abuse your convenience: auto-join, quick QR scans, easy tethering.

Hotspot hijacking

Attackers copy your phone’s hotspot name to make others connect.
They can mimic phone hotspots like “iPhone (Steve)” nearby.
If your device is set to auto-join certain networks, it may connect silently.

Securing your personal hotspot

Use a long, strong hotspot password – not the default simple code.
Disable hotspot when you’re not actively using it.
Limit the number of connected devices and check them regularly.

Your hotspot is a mini router – protect it like one.

QR code WiFi attacks

Posters with “Scan to join WiFi” can be swapped with fake QR codes.
Fake QR codes can redirect to malicious websites or cloned logins.
Some codes auto-configure networks on your phone.

Safe QR scanning rules

Only scan QR codes in trusted locations (e.g. on the official menu or counter).
If a QR label looks stuck over another, be suspicious.
Check the URL that appears before you tap “open”.

If you wouldn’t click a random link online, don’t scan a random QR offline.

🌐 Browser Security & Remote Work

Your browser is the window attackers look through if you leave it wide open on public WiFi.

HTTPS & secure browsing

Only enter passwords on sites using https:// (padlock icon).
If the browser warns that a page is “Not secure”, back out immediately.
A VPN helps, but HTTPS is still essential – they work best together.

Browser hygiene after public WiFi

Log out of important accounts when you finish.
Clear browsing history and cookies if you used shared/public computers.
Disable “save password” prompts on devices that aren’t fully yours.

Leaving no trace on shared devices closes doors behind you.

Remote working in cafés & hotels

Use your company’s VPN or remote access solution – not direct open WiFi.
Never store confidential documents only on a café laptop or shared machine.
Use encrypted storage (BitLocker/FileVault) for work laptops.

Shared / public computers

Never log into banking or primary email on a public PC.
If you MUST log in, change your password afterwards from a trusted device.
Always hit “log out” and close the browser when finished.

Shared computers can keep you logged in or hold your autofill data.

🏨 Travel WiFi, Hotel TVs & Printers

Hotel WiFi and smart devices are part of the trip – and part of the attack surface.

Hotel WiFi & ethernet

Hotel WiFi is shared with dozens or hundreds of strangers.
Even wired ethernet in rooms may be part of the same flat network.
Treat hotel networks like any public network – VPN ON for sensitive work.

Smart TVs & streaming logins

Hotel TVs often let you log into Netflix, YouTube or other apps.
If you forget to log out, the next guest can use your account.
Some hotel systems store viewing history or app sessions.

Always use built-in “log out of all apps” before you check out.

Printers & business centres

Public printers may keep copies of recent print jobs.
Don’t print confidential work documents on untrusted printers.
Delete your files from shared desktops after use.

Remote work in hotels

Face your screen away from doors and corridors.
Use headphones for sensitive calls – not loudspeaker.
Lock your laptop in a safe or use a cable lock when you go out.

📳 Bluetooth, NFC & Contactless Payments

Wireless makes life smoother – it also opens invisible paths to your device.

Bluetooth & AirDrop risks

Attackers can scan for open Bluetooth devices in crowded places.
Old vulnerabilities (e.g. BlueBorne-type attacks) targeted insecure Bluetooth stacks.
Open AirDrop can invite random files or offensive content onto your device.

Safer Bluetooth habits

Turn off Bluetooth when you’re not using it.
Set AirDrop / nearby sharing to “Contacts only” or “Receiving off”.
Remove old paired devices you no longer recognise.

If you don’t need it on, turn it off.

NFC & contactless payments

NFC is short range – but in crowded spaces, sneaky readers can get close.
Contactless cards can be skimmed if not shielded.
Phones with wallet apps offer more control (PIN, biometrics).

Safe payment practices

Use digital wallets with strong device locks rather than bare contactless cards.
Consider RFID-blocking wallets for physical cards.
Check statements frequently for small “test” payments you don’t recognise.

Small unknown charges can be test-runs for bigger fraud.

    VPN myths – what it does & doesn’t do:

    ✔ Encrypts your traffic on public WiFi so local attackers can’t read it.

    ✔ Hides your IP/location from local networks.

    ✖ Does not make you invincible – if you type your password into a fake site, a VPN can’t save you.

    ✖ Does not fix weak passwords or bad sharing habits.

🎭 Real-World Scenarios

Use these as mini “what would I do?” drills for teens, adults and families.

Scenario 1 — Coffee Shop Evil Twin

“Which WiFi is real?”

You’re in a coffee shop. Staff say, “Our WiFi is ‘CoffeeHouse_Guest’.” Your phone shows two networks: “CoffeeHouse_Guest” and “CoffeeHouse_Guest_FREE”.

Possible risk:

The second network is an Evil Twin hotspot set up by an attacker.
If you connect, they can intercept unencrypted traffic.

Safe actions:

Ask staff to confirm the exact spelling of their WiFi.
Only connect to the one they confirm.
Turn on your VPN before logging into anything important.

Conversation idea: “We never choose a network just because it looks similar – we always confirm the real one first.”

Scenario 2 — Airport USB Charger

“Permission needed to charge”

You plug your phone into a free airport USB port. A pop-up appears: “Allow this device to access your photos and files?”

The charging station or attached device might be trying to copy data or install malware.
This is a classic “juice jacking” risk.

Tap “Deny” and unplug immediately.
Use your own charger in a mains socket instead.
Consider using a USB data blocker when you must charge via someone else’s port.

Lesson: “Charging should never need access to your files. If it asks – that’s a red flag.”

Scenario 3 — QR Code on the Counter

“Scan to join WiFi!”

A café has a laminated QR code stuck on the counter: “Scan to join FREE WiFi.” The code sticker looks slightly crooked and is peeling.

Someone may have placed a fake QR code over the real one.
It could lead to a malicious website or configure a rogue WiFi profile.

Ask staff if that QR code is genuine or if they have the WiFi details printed elsewhere.
Check the URL shown before you open it – if it looks strange, cancel.
If in doubt, don’t scan – get the WiFi name and password verbally.

Key message: “QR codes are links you can’t read until after you scan – so we treat them like unknown links on the internet.”

Scenario 4 — Hotel Smart TV Login

“Sign into Netflix to continue”

In your hotel room, the TV invites you to “Sign into your streaming account to continue watching”. You’re tired and tempted to log in quickly.

If you forget to log out, the next guest can use your account.
Some hotel systems may store or mishandle your login session.

If you do log in, use the TV’s “Log out of all apps” or “Reset TV” before check-out.
Consider using a portable streaming stick you manage yourself instead of logging into hotel systems.

Habit: “Whenever we log into something on a device that isn’t ours, we make a mental note to log out again before we leave.”

Scenario 5 — Phone Stolen from Table

“It was just there…”

At a busy bar, your phone is on the table. Someone asks for directions, spreads a leaflet on the table, then walks away. Your phone is gone.

Your phone was likely taken using a distraction technique.
If unlocked, the thief may access apps, email and payments.

Use “Find My Device” from another phone to locate or remotely wipe it.
Change passwords for email, banking and main apps.
Contact your bank to block cards in digital wallets if necessary.

Future safety: “Phones live in pockets, bags or hands – not on tables. Auto-lock fast. Use strong passcodes.”

✅ Public WiFi & Device Safety Quizzes

Two difficulty levels: warm-up and deep dive. Use them as safety drills for home, school or workplace.

Choose Quiz Mode

Quick Check • 10 Questions

💡 After the quiz, choose one real change: e.g. disable auto-join WiFi, install a VPN, or buy a USB data blocker.