MATT LAUER, co-host: In coffee shops and airports you can instantly be linked to the Internet via your wireless computer. But with the convenience comes a risk, and Jim Stickley, an identity theft and cybercrime expert with TraceSecurity, knows just how costly it can be.

It's the age of wireless. Countless businesses advertising so-called hot spots. Trying to lure customers and the laptops with convenient access to the Internet.

Mr. JIM STICKLEY (TraceSecurity): Wireless is still in its infancy, it's still early in the whole grand scheme of things because you don't know where these points are, you don't know where they're from.

LAUER: Wireless signals are broadcast from coffee shops, airport, even private homes. But how can you be sure they're safe?

Mr. STICKLEY: You open up your computer and you see a little list, and that list shows you the wireless access points that are available to you. Well, that person that's broadcasting in that wireless could be a very malicious person who's trying find a way into their network.

LAUER: To demonstrate, Jim Stickley from TraceSecurity checked into a hotel where there are countless wireless users, and cast out the bait.

Mr. STICKLEY: The hotel itself provides a service and they charge about $12.99 for 24 hours of use. That's a lot of money for somebody who needs to use the Internet for 10 minutes. So what we're gong to do is we're going to offer a service that costs only $1.99 for 24 hours. They're going to get a little prompt and it's going to say, 'Hey, pay this amount,' and so they'll type in their credit card.

LAUER: But what users don't realize is the credit card they enter is sent to this computer just a few rooms away.

Mr. STICKLEY: So they'll connect to our computer, our computer in turn will connect out to the real Internet, and so we can also monitor everything they're doing.

That's basically their log-in page. So they opened their wireless, they opened up their browser for the very first time. This is what they see.

LAUER: A few hours later, we got a hit.

Mr. STICKLEY: We have a guy by the name of Steve who's used a Visa card. He's actually submitted this credit card twice to us, two times in a row.

LAUER: After a quick call to the front desk, we were able to connect to Steve's room.

Mr. STICKLEY: You did check with him? Beautiful.

LAUER: Steve wasn't willing to talk on camera but informed us that after he'd entered his credit card information, a glitch in the system kicked him off line. He asked a work colleague Curt to take a look.

CURT: What he was trying to do was purchase Internet from I guess this place that you created, and that's where the trip-up was. And then I went over and then went through iPass through the land lines. I know that the wired is more secure than the wireless.

Mr. STICKLEY: Exactly what you should do.

CURT: That's what--that's what I did.

Mr. STICKLEY: Here it is right here.

LAUER: If Jim were a real hacker, much of the damage would already be done.

Mr. STICKLEY: We do still have, obviously, his credit card information, so if we were malicious, we've got something very, very valuable that could be very damaging to him. We also have access to his computer. Because he's on our network, we can start attacking his computer. So if he has any vulnerabilities, we can then exploit those vulnerabilities and take over his computer.

LAUER: By the end of the night, four other people attempted to log on but never completed the transaction. Jim says the dangers of wireless are greatly underrated.

Mr. STICKLEY: This could happen to anybody anywhere. It's as simple as what he just did, typed in his credit card number and he's scammed. It's that simple. You could do it at a Starbucks, you could to it in an apartment building. People think they're getting a deal and in reality, it's going to cost them a lot more in the long run.

LAUER: Jim Stickley from TraceSecurity is with us in the studio this morning.

Hey, Jim, how are you?

Mr. STICKLEY: I'm doing well.

LAUER: You're scary good at this. It is possible to protect yourself 100 percent of the time or is that just forget it?

Mr. STICKLEY: Just forget it. It's not possible. And the main reason is that right now, you're going out onto a wireless access point. You have no idea where it is. So it's not possible to know what you're truly getting into.

LAUER: So how do you minimize the risk?

Mr. STICKLEY: Well, if you're in a hotel, for example, I mean, most of the time, they'll give you a choice between wireless or you can use the wire at the desk. Use the wire. That's going to be a simple way to be guaranteed you're on their network. If you're at home or let's say you're in an apartment building and you're trying to scam that free Internet because you don't want to pay...

LAUER: Right.

Mr. STICKLEY: ...be aware, someone might be trying to scam you.

LAUER: So you think you're getting a wireless signal from the neighbors or something like that, and hey, I'll take advantage of this, they could be taking advantage of you.

Mr. STICKLEY: That's exactly right and it's easy for them to do. And that could monitor everything you're doing. And also, keep up with your security updates, your patches, that type of thing.

LAUER: If you log on and you're being scammed, how do you know if you're--if you're on a malicious connection?

Mr. STICKLEY: It's tough. The main thing you can do is if you go to a secured site. Let's say you're going to online banking. Well, if they're trying to monitor what you're doing, somebody's in between, when you go to hit that site, you're going to get a little notice that's going to pop up. It's a security warning that'll say something to the effect that your security certificate is bad for this site. That's the only real indication you're going to have there's a problem. If you hit OK, at that point, you're hosed. So you really need to say no, stop at that point, and just call it good.

LAUER: Your company provides a link for people to help them out. Explain how that works.

Mr. STICKLEY: Oh, sure. Scam Alert. Basically, we found that there's so many people out there that are getting scammed or that are potential victims of scams and just don't know where to turn. So what we've done is we've put up a free service where people can go, learn about all the new scams that are coming out, and also if they have questions, they can submit their questions and our engineers will review it, give them answers, possibly turn them over to the authorities to help out to get the issue resolved.

LAUER: And share that information with other people so you kind of create a database of these scams that are going on.

Mr. STICKLEY: Exactly.

LAUER: All right. Jim Stickley, thank you very much. Nice to have you here again.

And TODAY's online correspondent, Lynn Berry, takes you--this is tomorrow--takes you behind the scenes on how the story was produced. To check that out--actually, it's on our Web site--just go to our Web site at todayshow.com.

# # #