Hackers could impersonate AT&T Wi-Fi to attack your phone

HOUSTON -- Public Wi-Fi is available almost everywhere you go. But if you're not careful, some smartphones could automatically connect to a hacker's hotspot, without the user even knowing.

Barbara Jones doesn't leave home without her phone. Like many smartphone users, she never turned off her Wi-Fi either.

"I never did mess with it because I would automatically connect once I got home and never thought of turning it off," Jones said.

RELATED: Apple releases update to address security flaw in High Sierra operating system

Little did she know her phone was vulnerable.

"It automatically connected to an impersonation Wi-Fi, and I didn't do anything," Jones told us.

Her data could have been compromised by what's called a 'man in the middle' attack. Whether you have an Android or iPhone, I.T. Expert and forensic investigator Colman Ryan says it doesn't matter what phone you have, because hackers can take advantage of a popular public Wi-Fi network.

RELATED: 7 on Your Side: Is identity theft insurance worth it?

"They're impersonating the AT&T Wi-Fi network," Ryan explained.

For any cellphone using AT&T, those devices are preprogrammed to automatically connect to the company's public Wi-Fi network labeled "attwifi."

However, Ryan says there are hackers out there creating their own Wi-Fi hotspots, labeling them "attwifi." They're banking on your device to connect to their network to capture your information.

"The attackers want your email credentials because we have so much valuable information stored in our email or in our iCloud or Gmail drive," Ryan said.

RELATED: Uber's concealed data breach affects 57 million users

To protect yourself, go into your phone's settings and turn off the auto join function. But in order to do so, you need to connect to an actual attwifi network.

To further protect your accounts, Ryan says to enable 2-step verification on any and all your accounts that allow that option.

One more piece of advice: just turn off the Wi-Fi on your phone anytime you go out in public.

In response to our story tonight, AT&T issued a statement:

RELATED: UC Berkeley professor helps create viral video to warn about killer robots

"We work hard to educate customers on how to keep their device and personal information safe. We encourage customers to visit our Cyber Aware website, which offers security tips on a variety of topics, including safe Wi-Fi use."

As part of this story, we sent AT&T a 2014 article detailing the same security concerns while auto-connecting to WiFi networks. The statement goes on to read:

"Since this article was published three years ago, we have made VPN available, which adds an additional layer of encryption. Customers always have the option to turn-off WiFi."

Click here for the latest stories and videos about identity theft.