Beware the "Evil Twin" Wi-Fi Hotspot

Tue Mar 20, 2007 3:17AM EDT

See Comments (197)

Hop into Starbucks or an airport terminal and you may find yourself tempted by the inexpensive Wi-Fi service offered. Fire up your computer, browse the wireless networks available, and maybe you'll jump on a network named "tmobile" or "wayport" or some other common name among Wi-Fi service providers. Sure enough, your browser pulls up a page asking for your credit card information... or maybe you'll find yourself with "free" access to the internet. Surprise: You might have just been punk'd by a hacker.

Such is the case of the "evil twin" hotspot, a rising danger for users who rely on public hotspots for internet access. The trick is simple: A hacker just creates a hotspot with the same name (or a very similar one) as a legitimate hotspot nearby, hoping to dupe web surfers into connecting to the hacker hotspot instead of the legitimate one. The goal is the usual fare: Collect user names, passwords, credit card numbers. All the good stuff.

The Los Angeles Times notes that such lookalike networks are on the rise, and though this scam has been around for many years, it seems to be rising in popularity. My hunch? Wireless routers have better range than ever before, and it's practically child's play to set up a harvesting web site to dupe people into giving up their personal information. And since your laptop will automatically connect to any network you've connected to in the past (Windows thinks any network named "linksys" is the same network no matter where you go), people can be duped by evil twin hotspots without ever knowing it.

So what can you do about it? Sadly, not a lot, and all that security software on your laptop won't help you one bit if you willingly connect to one of these hotspots. As with most scams, diligence is your best ally: Learn what legitimate hotspot web pages look like. Hackers rarely make a perfect copy. If you encounter anything out of the ordinary, disconnect from the hotspot immediately. Tell the manager of the establishment you're trying to connect to that something funny is going on. They may not do anything about it, but hopefully they'll call the cops and encourage them to track down the signal.

LINK: Ensnared on the wireless Web

Comments on Beware the "Evil Twin" Wi-Fi Hotspot

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 186 Posted by pcnemy on Thu Sep 3, 2009 8:04PM EDT Report Abuse

    Here's a tip: Internet Explorer always lets u know when you enter a secured area, it also tells you if you can trust te web page. However, Hackers can't use your credit card! even if they do, of course you'll notice it and you can contact your bank and tell them what happened. They'll fix the problem by: not charging you whatever the hacker bought, calling the police and the cops can trace the hacker down. (Sorry for the language problems, I speak spanish)

  • 187 Posted by spaceliner66 on Thu Sep 3, 2009 9:34PM EDT Report Abuse

    ??? let the police track down the signal??!! - HA!

  • 188 Posted by sexyfilip on Thu Sep 3, 2009 9:14PM EDT Report Abuse

    You know that thanks to this article some hackersjust may have gotten better ideas. TOODLES!

  • 189 Posted by battletax on Thu Sep 3, 2009 3:02PM EDT Report Abuse

    Maybe I'm just cheap, but I have NEVER had to enter a unique username or password (or a cc #) to connect to a legitate Wi-Fi spot. Every coffeeshop that offers it simply hands out the dummy password to everyone. If you log into a network and the first thing that pops up is asking for your credit card number, disconnect. If you have to be told that, then you are not ready for a credit card account or for public access Wi-Fi. Keeping personal information on a laptop that could easily be stolen as well as hacked into is simply not smart. Thumb drives come with up to 5.0 gigs of space - use 'em!

  • 190 Posted by simpleusa on Thu Sep 3, 2009 9:23PM EDT Report Abuse

    Good article. Common sense: educate yourself before you do anything that you don't now. It is not a "plug and play" world.

  • 191 Posted by davidsbusiness on Thu Sep 3, 2009 3:38PM EDT Report Abuse

    There is a free product that enables you to secure your connection and is specificly designed for Hotspots (free & paid). The product is call Hotspot Shield, and is offered at no cost on www.anchorfree.com. I have used the Hotspot Shield numerous times and it encrypts all traffic going from my laptop to the Internet, thus it enables privacy and secure and protects me from any bad guys on the net.

  • 192 Posted by irenaskorobatck@sbcglobal.net on Thu Sep 3, 2009 4:24PM EDT Report Abuse

    Don't do any transactions without using secure connection, be very sure that you are using secure connection. I NEVER used free Wi-Fi and never will, I rather use a secure personnal connection and never disclose any confidential matter online.

  • 193 Posted by newhor1zons2 on Thu Sep 3, 2009 7:36PM EDT Report Abuse

    If you are reading this and you think it's an interesting idea or if you have actually tried it, DONT'T DO IT!!! There are some very nasty, unreasonably harsh penalties for prison with no possibility of parole linked to the Compute Fraud and Abuse Act.

  • 194 Posted by lilrednekangel on Thu Sep 3, 2009 6:51PM EDT Report Abuse

    oooooooooooookkkkkkkkkkkkkkk!!!!!!!!!!!! i have no idea what yall are talking about and.......i really dont care! okkk.....later

  • 195 Posted by dianemac1964 on Thu Sep 3, 2009 3:42PM EDT Report Abuse

    Anchor Free Hotspot Sheild ads have suddenly started appearing at the top of my web pages. I close the ad and it comes back. Does anyone know if this product is legit? Or how to I protect against it? FYI - my McAfee has ad, pop-up and web bug blocking on!

  • 196 Posted by jd_1876 on Thu Sep 3, 2009 4:31PM EDT Report Abuse

    What I do is never connect to a network that isn't free. Thanks though, because now I'll only connect to trusted networks.

  • 197 Posted by psufonguy on Thu Sep 3, 2009 8:20PM EDT Report Abuse

    @ dianemac1964 the ads are supposed to be there. companies pay anchorfree to show the ads so that they can supply the service for free to the consumer. Does anyone know where I can find the LA Times articles, the links no longer work?

More Posts: First Prev 9 10 11 Next Last

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.