Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown
Blog How-To

Fight off ‘evil twin’ hotspots with a VPN

Eglė Juodytė

Eglė Juodytė

Aug 17, 2017 · 4 min read

Fight off ‘evil twin’ hotspots with a VPN

How often would you say you connect to a public wifi hotspot available in cafés, restaurants, airport or hotel? About once a week? Maybe once month?

Have you ever thought about whether that free, public wifi you’re connecting to is legitimate, or a fake wifi hotspot, what’s known as an Evil Twin? An Evil Twin is a wifi hotspot set up by a hacker or cybercriminal that is made to look like a real, authentic wifi hotspot. It mimics the real hotspot in every single way, so that you wouldn’t notice anything different, except for one thing: it wants to steal and intercept your information.

What’s the worst that could happen?

Screen Shot 2016-08-17 at 6.43.22 PM When people connect to wifi hotspots, they generally behave similarly to how they would behave on their own private networks, accessing sensitive information on a regular basis. According to the Identity Theft Resource Center, nearly 24% free wifi patrons have made purchases using credit cards while connected to public wifi hotspots. The Harris Poll showed that 26% of US adults have checked their bank accounts on these free wifi hotspots, 9% have paid bills online, and 8% have even sent emails with sensitive information, such as bank accounts or Social Security numbers. >Even worse, according to the ITRC survey, almost 57% have logged into their work-related systems on these public wifi hotspots (even though, according to the same survey, 79% believe that these wifi hotspots could lead to identity theft!). That is a lot of juicy, exploitable personal and financial information. That’s where hackers and cybercriminals come in. They create these Evil Twin, fake wifi hotspots to gain access to your network traffic for two main reasons. One, they can eavesdrop on your communications and steal your account numbers, passwords, private photos and videos, and more. Two, they can intercept your traffic and send you to malware sites or fake banking sites. So, this website will look like your authentic bank website; when you enter your username and password, they will have full access to your financial information.

How do they do it?

Screen Shot 2016-08-17 at 6.43.34 PM So, for example, you’re at McDonald’s or your favorite coffee shop, and you see two public networks, “Coffee Shop” and “FREE_Coffee Shop”, you might click on the free one, because that’s what you’re really after. Now instead of being connected to the actual coffee shop hotspot, you’ve just got connected to the rogue one, the Evil Twin. And if you’re like the people mentioned above in those surveys, you’re very likely to connect to your email and share sensitive information, or engage in online purchases. Even worse (from a corporation perspective), you are more likely than not to connect to your work-related system and put your company’s information at risk. Airports are particularly susceptible to such methods. According to a BBB report, in 2008 there were 20 Evil Twin hotspots at Chicago O’Hare airport used by cybercriminals to steal and intercept user communications. Even at the Rio 2016 Olympics, Skycure has detected multiple Evil Twin networks hoping to steal tourists’ information.

How can you protect yourself?

If you don’t want to be a victim, there are certain steps you can take. First of all, according to private investigator Colman Ryan speaking to ABC13, you shouldn’t need to put in a password if you’re connecting a true wifi hotspot. Also, most (but not all) legitimate wifi hotspots will ask you to agree to their terms and conditions, so if you don’t see that, it could be another red flag. Then, if the connection speed is quite slow or sluggish, it could be because the information is being rerouted and slowing everything down. If you encounter any of these warning signs, it is advisable to disconnect from that network. Beyond that, you should go into your device’s network settings and forget any automatic connections. Doing this, if you’ve connected to an Evil Twin in the past, you would not be automatically connecting to them again. You can make sure that the wifi you’re connecting to seems legit, and beware of things that appear spammy. You should also check if the websites you’re connecting to are HTTP or HTTPS, where HTTP website addresses mean that your browsing is not secure and therefore open to hackers. However, the best option is to use a VPN (Virtual Private Network). VPNs used to be luxury items for large corporations, but in our modern age, VPN services are ubiquitous at competitive prices. However, you shouldn’t go with free options, as they are spotty at best and deceitful at worst. NordVPN app for Android NordVPN offers multiple layers of security with its Double VPN, which means that as soon as you connect to one of NordVPN’s many secure servers across the globe, your information is encrypted not once, but twice. Native applications for Windows, macOS, Android and iOS are intuitive and extremely easy to use. Related: Additional Wi-Fi security Tips There are many great and easy ways to protect your information and keep it truly private, and its best to be proactive to protect yourself and not become the next victim. How often do you get on free wifi hotspots? Ever connected to an Evil Twin? Let us know in the comments below!