Evil Twin WiFi Scam: How to Stay Safe as Hackers Target Free Networks in Public Places

Find out why officials are warning people who use free WiFi at airports, shops and more

When you’re killing time at an airport or coffee shop, free public WiFi is a great way to stay busy on the Internet without having to utilize your data plan. As convenient as it may be, however, public WiFi can be dangerous at times thanks to bad actors. This is particularly true in what’s known as the evil twin scam. Though it’s not a new type of cyberattack, it’s been making headlines again as officials hope to warn people of its dangers. Keep reading to learn more about the evil twin scam, what to watch for and how to avoid becoming a victim.

What is the evil twin WiFi scam?

Though the name may sound silly, the scam itself is not. This type of scam takes advantage of locations with public WiFi and preys on unsuspecting customers, travelers or guests at an establishment.

In an evil twin scam, the attacker sets up a fake WiFi access point with the hope that anyone looking to use the Internet will connect to it instead of the legitimate one. According to Kaspersky, the attacker is then able to collect any data the user shares with the network.

How the evil twin scam works

Once the bad actor decides to start this scam, they find a location with free WiFi that is frequently used. Airports, libraries, airplanes and coffee shops are all spots that can be prone to these attacks. In fact, an Australian man was arrested in July for stealing data from unsuspecting travelers at an airport.

After the hacker has picked their location, they figure out the official network name (the service set identifier, or SSID) and set up a new access point that uses the same name. To an outside device, these networks are indistinguishable.

To encourage potential victims to connect to the “evil twin” WiFi network, hackers may even go so far as to move closer to people in the location to create a stronger connection than the legitimate network, reports Kaspersky.

The key to this scam comes in the form of a fake login page—without which, the hacker cannot gain access to your device. Many public WiFi accounts require you to fill out information on a generic login page before you can use the Internet. The hacker will follow this format, as well. They will create an identical fake login page, forcing people to enter their personal information to connect to the WiFi.

Why is the evil twin WiFi scam bad?

Evil twin scams are particularly dangerous because the network may seem legitimate thanks to its name, and it will have a strong connection. This can also be true if the hacker discovers a location doesn’t have free WiFi, but hopes guests at the establishment will assume it’s offered. “If an attacker managed to set up a rogue access point nearby, with the company name and ‘Free Wifi’ or ‘Guest’, the users may unknowingly connect to this thinking it belongs to the known company,” writes a Reddit user in this thread.

Even more concerning? You may be suspicious of an evil twin attack, but your device won’t know any better. If you have auto-connect enabled, your phone, laptop or tablet may take you right to that fake network. “Devices with auto-connect often do so via a Wi-Fi’s SSID, meaning it can’t differentiate between legitimate Wi-Fi networks and evil twin ones,” write the pros at the software company Varonis.

Whether you or your device is connected to the fake network, the convincingly authentic login page is where the problems usually start. Once the hackers have your credentials, they can log in to the network and control it.

“You think you’re going to a trusted site. They might ask you for a username and password. Let’s say, well, now you just gave up your username and password. Maybe it’s another site where they need your credit card information,” Anthony Mongeluzo, a cybersecurity expert and the president of the cybersecurity firm, PCS, told Fox News 13.

This is known as a “man-in-the-middle attack,” which means the hacker can monitor all your online activity. They may be able to steal your banking information, address, account information and more. If the hacker is particularly knowledgeable, they could potentially infect your device with malware or ransomware that provides them with continued access even after you’ve logged off the WiFi.

What to do if you’ve been impacted by an evil twin WiFi scam

If you suspect you have fallen victim to an evil twin scam, immediately change the passwords for all your accounts. This will keep the hacker from being able to utilize any more of your information. In the unfortunate event that you suffer financial loss, reach out to your bank or credit card company immediately.

For particularly serious data breaches, it’s worth contacting your local police department to report the crime.

How to protect yourself from evil twin scams

The first step to take when you’re in a public place and want to utilize the free WiFi? “Verify the WiFi network is legitimate with the provider before connecting and check reviews of apps before downloading them to your phone,” Florida Attorney General Ashley Moody said in a statement, reports WFLA.

Sometimes the WiFi name in an evil twin scam will have some misspelled words, which makes it easier to tell that it’s fake. You may also notice that your device will warn you that a connection is not secure–even if it looks legitimate. In that case, it’s best to not connect to it.

Other ways to stay safe:

  • Use your phone hotspot instead of public WiFi. “This is because you’ll be connected to a reliable network when you’re out and about, which reduces the risk of hackers accessing your data,” suggests Kaspersky. “Set a password to keep your access point private.”
  • Only browse websites whose URL begins with HTTPS, which means the connection to the site is encrypted. A padlock symbol in the address bar also shows that the connection is protected.
  • Disable auto-connect on your device. This will keep it from automatically connecting to networks you have used before, including unknown evil twin networks.
  • Avoid conducting financial transactions or logging into banking or credit card websites when utilizing public WiFi.
  • Consider using a VPN. These can prevent online hackers from monitoring your online activity even if you do end up on an evil twin WiFi network.
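
The warning signs described above (a network that reuses a saved name but with different security or an unfamiliar access point, and a name that is a near-misspelling of a saved one) can be checked mechanically. The Python sketch below is an added example, not part of the original article; the network names, hardware addresses and the `KNOWN` and `SCAN` data are constructed for illustration.

```python
from difflib import SequenceMatcher

# Networks the device has saved (constructed sample): SSID -> expected settings.
KNOWN = {
    "CoffeeHouse_Guest": {"security": "WPA2",
                          "bssids": {"a4:11:62:00:10:01", "a4:11:62:00:10:02"}},
}

# Constructed scan results, shaped like what a Wi-Fi scan reports.
SCAN = [
    {"ssid": "CoffeeHouse_Guest", "bssid": "a4:11:62:00:10:01", "security": "WPA2", "signal": -67},
    {"ssid": "CoffeeHouse_Guest", "bssid": "02:1a:9c:55:00:7e", "security": "OPEN", "signal": -38},
    {"ssid": "CoffeHouse_Guest", "bssid": "02:1a:9c:55:00:7f", "security": "OPEN", "signal": -41},
    {"ssid": "Library-Public", "bssid": "c8:3a:35:20:00:11", "security": "OPEN", "signal": -70},
]

def lookalike(ssid, known, threshold=0.85):
    """Return the saved SSID this name closely resembles without matching it, else None."""
    for name in known:
        if ssid != name and SequenceMatcher(None, ssid.lower(), name.lower()).ratio() >= threshold:
            return name
    return None

def audit_scan(scan, known):
    """Return (ssid, bssid, reasons) for each access point that deserves a second look."""
    findings = []
    for ap in scan:
        reasons = []
        profile = known.get(ap["ssid"])
        if profile:
            # Same name as a saved network: the name is all that auto-connect matches on.
            if ap["security"] != profile["security"]:
                reasons.append("security differs from saved profile")
            if ap["bssid"] not in profile["bssids"]:
                # Weak signal on its own: large sites add access points, and a BSSID can be copied.
                reasons.append("BSSID not seen before")
        else:
            near = lookalike(ap["ssid"], known)
            if near:
                reasons.append(f"name resembles saved network {near!r}")
        if reasons:
            findings.append((ap["ssid"], ap["bssid"], reasons))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reasons in audit_scan(SCAN, KNOWN):
        print(f"{ssid} [{bssid}]: {'; '.join(reasons)}")
```

A clean result does not prove a network is genuine, since an access point can copy both the name and the hardware address of the real one; the VPN and HTTPS advice above still applies.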
