
Fight off ‘evil twin’ hotspots with a VPN

How often would you say you connect to a public Wi-Fi hotspot in a café, restaurant, airport or hotel? About once a week? Maybe once a month?

Eglė Juodytė


Have you ever thought about whether that free, public Wi-Fi you’re connecting to is legitimate, or a fake Wi-Fi hotspot, what’s known as an Evil Twin?

An Evil Twin is a Wi-Fi hotspot set up by a hacker or cybercriminal that is made to look like a real, authentic Wi-Fi hotspot. It mimics the real hotspot in every single way, so that you wouldn’t notice anything different, except for one thing: it wants to steal and intercept your information.

What’s the worst that could happen?

When people connect to Wi-Fi hotspots, they generally behave similarly to how they would behave on their own private networks, accessing sensitive information on a regular basis.

According to the Identity Theft Resource Center, nearly 24% of free Wi-Fi patrons have made purchases using credit cards while connected to public Wi-Fi hotspots. The Harris Poll showed that 26% of US adults have checked their bank accounts on these free Wi-Fi hotspots, 9% have paid bills online, and 8% have even sent emails with sensitive information, such as bank accounts or Social Security numbers.

Even worse, according to the ITRC survey, almost 57% have logged into their work-related systems on these public Wi-Fi hotspots (even though, according to the same survey, 79% believe that these Wi-Fi hotspots could lead to identity theft!).

That is a lot of juicy, exploitable personal and financial information.

That’s where hackers and cybercriminals come in. They create these fake Evil Twin hotspots to gain access to your network traffic for two main reasons. One, they can eavesdrop on your communications and steal your account numbers, passwords, private photos and videos, and more. Two, they can intercept your traffic and send you to malware sites or fake banking sites. The fake site will look like your authentic bank website; when you enter your username and password, they will have full access to your financial information.

How do they do it?

For example, say you’re at McDonald’s or your favorite coffee shop, and you see two public networks, “Coffee Shop” and “FREE_Coffee Shop”. You might click on the free one, because that’s what you’re really after. Now, instead of being connected to the actual coffee shop hotspot, you’ve just connected to the rogue one, the Evil Twin.

And if you’re like the people mentioned above in those surveys, you’re very likely to connect to your email and share sensitive information, or engage in online purchases. Even worse (from a corporate perspective), you are more likely than not to connect to your work-related system and put your company’s information at risk.

Airports are particularly susceptible to such methods. According to a BBB report, in 2008 there were 20 Evil Twin hotspots at Chicago O’Hare airport used by cybercriminals to steal and intercept user communications. Even at the Rio 2016 Olympics, Skycure detected multiple Evil Twin networks hoping to steal tourists’ information.
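
As an added example (not part of the original post), here is one way to spot the “Coffee Shop” / “FREE_Coffee Shop” situation described above before you connect. It takes a list of visible networks and flags names that claim the same venue, and names that appear with more than one security mode. The bait-word list, the function names and the sample scan are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Heuristic assumption: words often added to a venue name to make a bait network.
BAIT_WORDS = {"free", "guest", "public", "wifi", "official"}

def normalize(ssid):
    """Reduce an SSID to the venue name it appears to claim."""
    words = re.findall(r"[a-z0-9]+", ssid.casefold())
    return "".join(w for w in words if w not in BAIT_WORDS)

def find_suspicious(scan):
    """scan: list of (ssid, bssid, security) tuples. Returns sorted warnings."""
    by_name = defaultdict(set)   # claimed venue name -> raw SSIDs seen
    by_ssid = defaultdict(set)   # raw SSID -> security modes seen
    for ssid, _bssid, security in scan:
        by_name[normalize(ssid)].add(ssid)
        by_ssid[ssid].add(security)
    warnings = []
    for name, ssids in by_name.items():
        if name and len(ssids) > 1:
            warnings.append("lookalike names: " + ", ".join(sorted(ssids)))
    for ssid, modes in by_ssid.items():
        if len(modes) > 1:
            warnings.append(f"'{ssid}' seen with mixed security: "
                            + ", ".join(sorted(modes)))
    return sorted(warnings)

# Constructed sample scan (locally administered MAC addresses, not real devices).
SAMPLE_SCAN = [
    ("Coffee Shop", "02:00:00:00:00:01", "WPA2"),
    ("FREE_Coffee Shop", "02:00:00:00:00:02", "open"),
    ("Airport_WiFi", "02:00:00:00:00:03", "open"),
    ("Airport_WiFi", "02:00:00:00:00:04", "WPA2"),
    ("HomeNet", "02:00:00:00:00:05", "WPA2"),
]

if __name__ == "__main__":
    for warning in find_suspicious(SAMPLE_SCAN):
        print(warning)
```

A warning here is a reason to ask staff which network is theirs, not proof of an attack. An Evil Twin that copies the real name and security settings exactly will not show up in this check.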

How can you protect yourself?

If you don’t want to be a victim, there are certain steps you can take.

First of all, according to private investigator Colman Ryan speaking to ABC13, you shouldn’t need to put in a password if you’re connecting to a true Wi-Fi hotspot. Also, most (but not all) legitimate Wi-Fi hotspots will ask you to agree to their terms and conditions, so if you don’t see that, it could be another red flag. Then, if the connection speed is quite slow or sluggish, it could be because the information is being rerouted and slowing everything down.

If you encounter any of these warning signs, it is advisable to disconnect from that network.

Beyond that, you should go into your device’s network settings and forget any automatic connections. That way, if you’ve connected to an Evil Twin in the past, your device will not automatically connect to it again.
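
To find the saved networks worth forgetting, the following added example (not from the original post) checks saved Wi-Fi profiles for ones that are both unencrypted and set to join automatically, since those are the profiles a hotspot with a matching name can pick up. It assumes a Linux system where NetworkManager stores profiles as keyfiles under /etc/NetworkManager/system-connections/; the function name and the sample profiles are constructed for illustration.

```python
import configparser
import glob

WIFI_TYPES = ("wifi", "802-11-wireless")            # current and legacy names
SECURITY_SECTIONS = ("wifi-security", "802-11-wireless-security")

def risky_ssid(keyfile_text):
    """Return the SSID if the profile is open Wi-Fi that auto-joins, else None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(keyfile_text)
    if cp.get("connection", "type", fallback="") not in WIFI_TYPES:
        return None
    # autoconnect is usually omitted from the file when true (the default).
    if not cp.getboolean("connection", "autoconnect", fallback=True):
        return None
    if any(cp.has_section(s) for s in SECURITY_SECTIONS):
        return None      # profile carries security settings, so it is not open
    for section in WIFI_TYPES:
        if cp.has_option(section, "ssid"):
            return cp.get(section, "ssid")
    return cp.get("connection", "id", fallback="(unnamed)")

# Constructed sample profiles.
OPEN_AUTO = "[connection]\nid=Coffee Shop\ntype=wifi\n\n[wifi]\nssid=Coffee Shop\n"
OPEN_MANUAL = ("[connection]\nid=Hotel\ntype=wifi\nautoconnect=false\n\n"
               "[wifi]\nssid=Hotel\n")
WPA_HOME = ("[connection]\nid=HomeNet\ntype=wifi\n\n[wifi]\nssid=HomeNet\n\n"
            "[wifi-security]\nkey-mgmt=wpa-psk\n")

if __name__ == "__main__":
    # Reading the real profile directory normally requires root.
    for path in glob.glob("/etc/NetworkManager/system-connections/*"):
        try:
            with open(path, encoding="utf-8") as fh:
                ssid = risky_ssid(fh.read())
        except (OSError, ValueError, configparser.Error):
            continue     # unreadable or not a keyfile
        if ssid:
            print(f"open + auto-join: {ssid}  ({path})")
```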

Make sure that the Wi-Fi you’re connecting to seems legit, and beware of anything that appears spammy. You should also check whether the websites you’re connecting to use HTTP or HTTPS: an HTTP website address means that your browsing is not secure and therefore open to hackers.

However, the best option is to use a VPN (Virtual Private Network). VPNs used to be luxury items for large corporations, but in our modern age, VPN services are ubiquitous at competitive prices. That said, you shouldn’t go with free options, as they are spotty at best and deceitful at worst.

NordVPN offers multiple layers of security with its Double VPN, which means that as soon as you connect to one of NordVPN’s many secure servers across the globe, your information is encrypted not once, but twice. Native applications for Windows, macOS, Android and iOS are intuitive and extremely easy to use.

Related: Additional Wi-Fi security Tips

There are many great and easy ways to protect your information and keep it truly private, and it’s best to be proactive to protect yourself and not become the next victim.

How often do you get on free Wi-Fi hotspots? Ever connected to an Evil Twin? Let us know in the comments below!



Eglė is a UX writer at NordVPN. She designs delightful user experiences with words and shares product updates with our blog readers.
