Beware the "Evil Twin" Wi-Fi Hotspot

Tue Mar 20, 2007 3:17AM EDT

See Comments (197)

Hop into Starbucks or an airport terminal and you may find yourself tempted by the inexpensive Wi-Fi service offered. Fire up your computer, browse the wireless networks available, and maybe you'll jump on a network named "tmobile" or "wayport" or some other common name among Wi-Fi service providers. Sure enough, your browser pulls up a page asking for your credit card information... or maybe you'll find yourself with "free" access to the internet. Surprise: You might have just been punk'd by a hacker.

Such is the case of the "evil twin" hotspot, a rising danger for users who rely on public hotspots for internet access. The trick is simple: A hacker just creates a hotspot with the same name (or a very similar one) as a legitimate hotspot nearby, hoping to dupe web surfers into connecting to the hacker hotspot instead of the legitimate one. The goal is the usual fare: Collect user names, passwords, credit card numbers. All the good stuff.

The Los Angeles Times notes that such lookalike networks are on the rise, and though this scam has been around for many years, it seems to be rising in popularity. My hunch? Wireless routers have better range than ever before, and it's practically child's play to set up a harvesting web site to dupe people into giving up their personal information. And since your laptop will automatically connect to any network you've connected to in the past (Windows thinks any network named "linksys" is the same network no matter where you go), people can be duped by evil twin hotspots without ever knowing it.

So what can you do about it? Sadly, not a lot, and all that security software on your laptop won't help you one bit if you willingly connect to one of these hotspots. As with most scams, diligence is your best ally: Learn what legitimate hotspot web pages look like. Hackers rarely make a perfect copy. If you encounter anything out of the ordinary, disconnect from the hotspot immediately. Tell the manager of the establishment you're trying to connect to that something funny is going on. They may not do anything about it, but hopefully they'll call the cops and encourage them to track down the signal.

LINK: Ensnared on the wireless Web

Comments on Beware the "Evil Twin" Wi-Fi Hotspot

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 1 Posted by commorancy on Thu Sep 3, 2009 3:28PM EDT Report Abuse

    I think this article rates on the order of common sense. If you attach your computer to an unknown and, more importantly, untrusted access point and then a browser pops up requesting your credit card number, you can very easily be hit with fraud or, worse, identity theft. In fact, you should never give out credit card or other sensitive financial or identifying data when connected to untrusted networks.

  • 2 Posted by todd2themax on Thu Sep 3, 2009 10:14PM EDT Report Abuse

    Better yet, use your cell phone internet access. It is relatively cheap and can be used anywhere. Contact your provider on what you need. It is a little more to do to connect but the security is worth it.

  • 3 Posted by wnchstr.pd@snet.net on Thu Sep 3, 2009 10:49PM EDT Report Abuse

    Famous old saying, " the trouble with common sense is that it's not to common."

  • 4 Posted by swhhohs on Thu Sep 3, 2009 9:52PM EDT Report Abuse

    Yeah, but as the article pointed out, it may also be free and they can still phish your log-in IDs and passwords while you're connected, which may or may not lead to sensitive material. So, it may be common sense not to give out your credit card number, but even if it never asks for that you could still end up being victim to having personal information stolen. I think the best line of defense is that you carefully look at all available connections and choose one manually, rather than allowing your computer to automatically connect to the first one it finds. If two connections identify themselves the same way, I would be extra careful and maybe ask someone which one is legitimate.

  • 5 Posted by magesto@pacbell.net on Thu Sep 3, 2009 7:03PM EDT Report Abuse

    The last commentator is missing the point of the article. Some hackers use the actual name of the hotspot you are trying to connect to. Also common sense is not everything in the computer world. Many people do not understand or even try to understand the complex workings of a computer especially when it comes to Wi-Fi. Lastly major hotspots require you to give them your username and password. A good practice is to log onto the hotspot from a secure connection before you go to the location with the internet hotspot and set up an account that way. Then when you go to log on all you have to do is enter your user name and password. If you feel you entered a site that is a fraud, go to a secure connection and change your password immediately. At least they don't get your credit card number and if you call the hotspot they may give you a credit on your account.

More Posts: First Prev 1 2 3 4 5 Next Last

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.