Does your favourite wifi hotspot have an evil twin? How would you know an evil twin wi-fi hotspot if you saw one? Just what is a wifi hotspot evil twin, anyways?
Remember the Patty Duke show? When Patty and her identical cousin Cathy would pull the old switcheroo, and Cathy, who was very goody-goody would be replaced with Patty, who was a bit more wild?
Well, it’s the same concept. Only much more insidious.
You’re sitting at your favourite wi-fi hotspot cafe, sipping and surfing. Your computer finds the wifi hotspot for you, and brings up the log-in page. It may be a T-Mobile page, if you are sitting at a Starbucks or Borders, or it may be some other page, and you log in. Or there may be no log-in page at all – your computer may just connect to the “hotspot”, if that’s how that cafe is set up.
Only, the “hotspot” to which you have connected isn’t actually the cafe’s wi-fi hotspot at all. It’s some hacker who is in the area, quite possibly sitting next to you sipping his Evil Twin Mochachino with extra Hack, who has his laptop with him and set up to work as an access point – a machine through which you can connect to the Internet.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
Your computer thinks it’s the cafe’s legitimate wi-fi hotspot; his computer thinks “sucker”.
You, oblivious to the fact that your connection has been hijacked by the evil twin, sit there sucking down the caffeine while his computer sits there sucking down your personal information, anything you transmit from your computer to the Internet, reading your email – you name it, he’s capturing it.
Ouch.
So how can you avoid a blind date with the Evil Twin?
First and foremost, check your wi-fi settings on your computer! (“Well, duh,” you say, to which I say “duh indeed!”) Is your computer set to search out and lock on to the nearest wifi hotspot? If so, the next hotspot may be an evil twin hotspot. Change that setting.
Second, think very carefully before you send any sensitive data when using a public wi-fi hotspot. Ask yourself this question: “Which is more important? That I perform this transaction right now? Or that this data not fall into the hands of the wrong person – such as the Evil Twin Hacker?”
Third, know your sites. If you have to conduct sensitive business on the Internet, from a wifi hotspot, take extra care to really scrutinize the page you are on before sending any sensitive information. These guys are good. They can recreate, fake and serve up a lot of commonly used pages. Make sure that the page really is a secure page (look for the little key at the bottom of your browser or whatever your browser uses to indicate “secure”).
Also, if you must conduct financial transactions on the Internet, from public hotspots, instead of using a credit card consider using a debit card which is not tied to any other of your accounts, and keep only a limited amount of funds in the account. That way if your account is compromised, you can fairly easily contain the damages to just the amount in the account, and close the account.
By the way, a few of you have asked us why in this article we have used both “wifi” and “wi-fi” interchangeably. It’s because this is such an important issue that we want people searching for it either way to be able to find it.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
CashApp us
Venmo us
Paypal us
CallingID is a brouser plugin that will warn you if you are on a risky or bogous website. I have been using it for several months, it is free and easy to use.
Here is a link to a service called Hotspot VPV. It encrypts all traffic between you and the web as it traverses public hotspots.
Here is a link to a service called Hotspot VPN. It gives you a secure tunnel to the internet. It keeps any traffic between you any the web encrypted as it passes through a Hotspot. Our security guru says this is a must have for business travellers.
So, how DOES one avoid Evil Twin hotspots or find out if on one? What IS the setting mentioned in “First and foremost”. The article doesn’t answer that, and would be an EXTREMELY helpful fix.
In the United States, credit card losses are limited to $50, and most credit card companies don’t even make you pay that.
If is much safer to use a credit card than a debit card in the US.
The idea behind a debit card is to limit your losses. DON’T use one tied to your bank account!
If you pre-load it with $100, and someone gets it, they can only get that $100. If for some reason you put $1000 on the card, and they try to charge $2000 against it, it should be declined.
That said, I agree that using a throw-away number tied (briefly) to a credit card is probably safer in the long run.
Why say use a debit card? I am not sure what my banks issues are on fraudulant purchases, but with a debt card wouldnt you lose your money faster, or have more issues. Say if you only had $1000 and they used $2000, you would get charged for then, then have to say it was fradulant, whereas with a credit card, they can usually hold that ammount that was “stolen” until a resolution is resolved on the issue. I know this about the credit cards only because despite my frantic abilities of checking, thinking i was secure, and only using my credit card in a few locations, and ALWAYS made sure it was a secured and legit page, my CC# was still stolen.
I would say use one of those cards where you can generate a “throw away” number, or if you are that worried about your data outside of a perticular location, use SSH tunneling to that location, so all data out of this wifi evil twin can still be used to full advantages and the evil twin may never be able to get your data.