You should think very carefully before setting up a wireless router. Yes, I’m well aware that you have a lot of devices which use wireless routers to communicate with the Internet. So, you want to have great connectivity, at home, at your office, all the time. Go ahead and set up that router, but do so thoughtfully, and do not leave the default username and password settings as they are from the factory.

What you do not want is to have your private information escape from your control. And, criminal hackers do want that private info.

So, you should never, ever click on any link that is sent to you in e-mail by an unknown person. You should probably use AdBlocker and other software to limit how many links you see on browsing the web. You should not click on everything you see on the web, either.

If you cannot see the destination URL, or if it looks strange, or if it looks like it would take you somewhere unrelated to the graphic or text of the link, don’t click on it. Perhaps copy it to your clipboard and paste it into a search window to see what you can find out about it.

But, you may not be the only person in your home. Guests, children, people across the way, and in an office situation any number of people — vendors, customers, interns, or visitors — may be using your wireless router to connect their devices to the Internet. Tell them all you want about not clicking on links they get in e-mail, or weird links on the web, and they will still click. Either they are oblivious to the dangers, or they don’t care, or the allure of the graphic or text of the link is so great they cannot resist.

Ok, so what happens if one of these links gets clicked? In a recent situation reported at Krebs on Security, the destination page executes some scripts that hack the wireless routers available to the device (laptop, tablet, cell phone) reaching the site from the clicked link. Those scripts use the known factory default settings for username and password to force the wireless router to set the criminal hackers in charge of domain name service (DNS).

They use their DNS server for secure links to sites they know would ask for your credit card info or other private data. The criminals know enough to set Google’s DNS server to feed your device all other traffic, so you don’t become suspicious, or report your troubles to a competent computer tech.

Using their DNS server and their web servers, the criminal hackers send your secure traffic not to the actual sites you want to buy from, but to look-alike sites which then harvest all the credit card or other data. And then you get a huge credit card bill, and your howls of lament are heard all over your neighbourhood.

In my essay “Central Security” you’ll find a number of tips about ways to disable scripts, block ads, and protect yourself from cookies and other stuff used to compromise your privacy. Obviously, if you are blocking scripts, and only allowing those scripts from sites and services you trust, you are doing what you can to limit even the bad results that obtain if you click on a link sent to you in e-mail by an unknown person.

But, if your wireless router is open to other users, you cannot prevent them from leaving their web browser open to running scripts. And you cannot really prevent them from clicking on links, either. So, although the attack in question seems to have originated in and been isolated to Brazil, there is no reason to suppose it won’t show up elsewhere.

That should mean, to the very careful user, that hotels and restaurants with open or easy-to-access (just ask your waiter or the front desk clerk for the info) wireless routers may become vulnerable. If you are tech-in-charge of such a site, you should safeguard the router by changing the default access username and password, of course. And don’t privilege the random usernames that you’ll be giving out to customers. But if you aren’t the tech in charge, you should be very careful about trusting open wireless networks.

The privacy you protect may be your own.