Using free WiFi in public spots like coffee shops, malls and hotels can be risky, as hackers monitor them for their next victim.

The availability of free WiFi is speading, as more companies are sharing their networks with consumers. But the majority of them lack security and are the focus of hackers trying to infect users with malware and steal their identities.

"It has become second nature to want WiFi access anywhere and everywhere," said Ryan Jones, managing principal of labs at Coalfire, a Westminster, Colo.-based provider of cybersecurity advisory services.

Restaurants and airports offer WiFi access without cost because customers expect it. In many instances, especially at malls or shopping centers, the connectivity is not installed by the business, he said. Instead, the access comes from a third-party vendor who may not follow basic security guidelines, such as choosing strong passwords for administrative interfaces, disabling unnecessary services or properly enabling wireless encryption when installing the hardware.

Since it is very common for hackers to create their own WiFi access points with similar names to lure unsuspecting people, ask the vendor for the correct name of the WiFi access point and whether it has any security.

Another issue arises after it is installed: The hardware is rarely updated to "remediate vulnerabilities found by the research community," Jones said.

Although experts recommend avoiding the use of public WiFi, the majority of people are loath to skip it. Consumers who must use these networks should restrict it to obtaining directions from a map's application, price comparisons for products or reading a news story.

Shoppers should definitely avoid logging onto their bank account, corporate or personal email or making online purchases using a credit card, Jones said.

Hackers remain ardent fans of public WiFi because so many people are careless when they are using it and forget that cyber criminals are always lurking.

"You should always assume someone is monitoring your data over public WiFi," said Joseph Carson, chief security scientist at Thycotic, a Washington, D.C.-based provider of privileged account management solutions. "Never access sensitive data, such as financial information, do not change your passwords and beware of entering credentials while using public WiFi. If you have a mobile device with a personal hotspot function, use this over public WiFi whenever possible."

TheStreet Recommends

Consumers should also disable the auto-connect option or ask to join networks, he said.

"Hackers will frequently use WiFi access points with common names like airport or cafe so that your device will automatically connect without your knowledge," Carson said. "Do not select the option to remember the WiFi network and be sure to remove yourself when finished."

The number of fake websites keeps rising and one way to mitigate this trend is by using the latest web browsers since they have improved security.

"This prevents someone from hosting their own websites, such as well-known social networks or internet services waiting for you to enter your credentials," he said. "Do not click on suspicious links even via social chats like videos that have your photo, and beware of advertisements that could direct you to compromised websites. Use the incognito mode to limit your location and what cookies get stored on your device."

Even if you are merely watching a video or movie on your smartphone utilizing a public WiFi network, use a Virtual Private Network, or VPN. Consumers should also opt to use their cell network such as 3G, 4G or LTE to increase security is important, Carson said.

Non tech-savvy consumers should stop treating public WiFi as a utility, said Isabelle Dumont, vice president at Lacework, a Mountain View, Calif.-based provider of cloud security solutions.

Image placeholder title

"From the corner coffee shop to the airport, the mall or other public spaces, smartphone users walk around with their WiFi on, assuming their phone has connection, not knowing or caring what they are connecting to," she said.

"Smartphones are obvious targets for cyber criminals, bringing them one step closer to the mobile apps served on the devices and the back-end infrastructure that is often in the cloud supporting these apps."

The responsibility lies with the individuals, especially if they spend a large chunk of time on their smartphones checking their social media accounts, emails or text messages. App developers also have the burden to "keep the intruders at bay," Dumont said.

More of What's Trending on TheStreet: