When you’re away from home or the office, you’ll often want to connect to wifi—whether you need to check your emails, write a report, download a Spotify playlist, or just aimlessly scroll through social media.
And many public places, from bars and restaurants to stores and even transit hubs, now serve up wifi for you. These networks are easier to find than ever, and much safer than they used to be, too (no one wants to get in trouble for a hack that happened on their wifi).
But even with security improvements over the years, there’s one key wifi security issue you need to be aware of when connecting to networks while out and about: fake or “evil twin” wifi hotspots set up by bad actors. These can dupe you into connecting to them, and then grab data from you as you browse the network.
How the scam works
It doesn’t take much to set up a public wifi network: You could buy a wifi mobile hotspot, set it up with a SIM or eSIM, and then create a network that way. Alternatively, you could even just use your phone or laptop, as long as it had a cellular connection which you would then be able to share with the wider world as a wifi network.
Say you do this while sitting in a hotel lobby or coffee shop, and give the network an innocuous name such as ‘GUEST_WIFI’. Chances are that several people nearby are looking for a wifi network to connect to, and they might just choose yours—which then gives you a certain level of oversight over what those people are doing online.
At that point, any kind of login details entered into that fake wifi network can be captured by the person running the network—particularly if they’re going to direct you to a spoof login page that asks for certain credentials to continue. In some cases, malware could be pushed to your devices.
To make the scam even more convincing, sometimes the fake wifi network will be set up with the same name and password as a legitimate one—say, if these details are displayed in public somewhere. Depending on which network has the strongest signal, your devices might see the untrustworthy wifi first.
How to stay safe
Beyond being aware that this scam exists and applying extra caution accordingly, only connect to wifi networks that are officially advertised, via signs, menus, guest information, or official websites. If you’re in doubt, you can always check with a member of staff wherever you are.
Be wary of any wifi network that doesn’t require a password unless there’s a good reason for it to be open—especially if there’s no splash screen telling you you’re in the right place (a hotel or restaurant information page, for example). Watch out for generic wifi network names that could apply anywhere.
If someone has tried to spoof the exact same wifi network as an official, legit one, then you should see both in the list of networks available on your device. At that point it’s a very good idea to avoid connecting to either of them until you’re able to verify which one is safe.
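As an added illustration (not part of the original article), here is a small Python check that applies the warning signs above to a list of nearby networks: the same name advertised with different security settings or from different hardware vendors, networks with no password, and generic names. The scan entries, names and addresses are constructed for the example.

```python
from collections import defaultdict

# Constructed sample scan results (not real data): each entry is one access
# point seen by the device, roughly as a network picker would list it.
SAMPLE_SCAN = [
    {"ssid": "Hotel_Lobby", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2", "signal": -60},
    {"ssid": "Hotel_Lobby", "bssid": "aa:bb:cc:00:00:02", "security": "WPA2", "signal": -65},
    {"ssid": "Hotel_Lobby", "bssid": "de:ad:be:ef:00:01", "security": "OPEN", "signal": -40},
    {"ssid": "GUEST_WIFI", "bssid": "de:ad:be:ef:00:02", "security": "OPEN", "signal": -45},
    {"ssid": "CoffeeShop",  "bssid": "11:22:33:44:55:66", "security": "WPA2", "signal": -70},
]

# Names that could apply anywhere and so carry no hint of who runs the network.
GENERIC_NAMES = {"guest_wifi", "free_wifi", "public_wifi", "wifi", "free wifi", "guest"}


def find_suspicious_networks(scan):
    """Return {ssid: [reasons]} for networks worth verifying with staff before joining."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = {}
    for ssid, aps in by_ssid.items():
        reasons = []
        securities = {ap["security"] for ap in aps}
        if len(securities) > 1:
            # A venue's own access points share one security setting; a copy of the
            # name that is open while the original needs a password stands out.
            reasons.append("same name advertised with different security settings: "
                           + ", ".join(sorted(securities)))
        # The first three octets of a BSSID identify the hardware vendor. A venue
        # usually deploys one vendor's kit, so a mix is a hint, not proof.
        vendors = {ap["bssid"][:8].lower() for ap in aps}
        if len(aps) > 1 and len(vendors) > 1:
            reasons.append("same name served from hardware of different vendors")
        if "OPEN" in securities:
            reasons.append("no password required")
        if ssid.strip().lower() in GENERIC_NAMES:
            reasons.append("generic name that could apply anywhere")
        if reasons:
            findings[ssid] = reasons
    return findings


if __name__ == "__main__":
    for name, why in find_suspicious_networks(SAMPLE_SCAN).items():
        print(name, "->", "; ".join(why))
```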
Many public wifi networks will greet you with a login or registration page, but on fake evil twin networks these will often ask for more information than is reasonable, or ask you to log into a sensitive account of some kind. They may well look basic and hastily constructed, without any official logos or information from the place you’re in.
The standard public wifi rules always apply, as well: Keep banking and other sensitive tasks for your home wifi, get your devices to forget public wifi networks when you’ve finished using them, keep all your devices (and their browsers) up to date, and get one of the best VPNs in place to add some extra protection to your browsing.