Beware the "Evil Twin" Wi-Fi Hotspot

Tue Mar 20, 2007 3:17AM EDT


Hop into Starbucks or an airport terminal and you may find yourself tempted by the inexpensive Wi-Fi service offered. Fire up your computer, browse the wireless networks available, and maybe you'll jump on a network named "tmobile" or "wayport" or some other common name among Wi-Fi service providers. Sure enough, your browser pulls up a page asking for your credit card information... or maybe you'll find yourself with "free" access to the internet. Surprise: You might have just been punk'd by a hacker.

Such is the case of the "evil twin" hotspot, a rising danger for users who rely on public hotspots for internet access. The trick is simple: A hacker just creates a hotspot with the same name (or a very similar one) as a legitimate hotspot nearby, hoping to dupe web surfers into connecting to the hacker hotspot instead of the legitimate one. The goal is the usual fare: Collect user names, passwords, credit card numbers. All the good stuff.

The Los Angeles Times notes that such lookalike networks are on the rise, and though this scam has been around for many years, it seems to be rising in popularity. My hunch? Wireless routers have better range than ever before, and it's practically child's play to set up a harvesting web site to dupe people into giving up their personal information. And since your laptop will automatically connect to any network you've connected to in the past (Windows thinks any network named "linksys" is the same network no matter where you go), people can be duped by evil twin hotspots without ever knowing it.
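
The name-only matching described above can be checked from the client side. The sketch below is an added example, not part of the original article: it runs over constructed scan results and constructed saved profiles (every SSID, BSSID, security type and signal value is made up) and flags network names that deserve a second look before joining. The indicators are hints, since a legitimate deployment can also mix vendors, and the idea that a client prefers the strongest signal is an assumption.

```python
from collections import defaultdict

# Constructed scan results: (SSID, BSSID, security, signal in dBm). Not a real capture.
SCAN = [
    ("tmobile", "00:11:22:aa:bb:01", "WPA2", -62),
    ("tmobile", "00:11:22:aa:bb:02", "WPA2", -70),
    ("tmobile", "de:ad:be:ef:00:01", "OPEN", -38),
    ("wayport", "00:33:44:cc:dd:01", "OPEN", -55),
    ("linksys", "02:00:00:12:34:56", "OPEN", -47),
]
# Constructed saved profiles: SSID -> security type the client remembers.
SAVED = {"tmobile": "WPA2", "linksys": "OPEN"}

def audit(scan, saved):
    """Return (ssid, indicator, bssids) tuples for networks worth a second look."""
    by_ssid = defaultdict(list)
    for ssid, bssid, sec, _dbm in scan:
        by_ssid[ssid].append((bssid.lower(), sec))
    findings = []
    for ssid, aps in sorted(by_ssid.items()):
        bssids = sorted(b for b, _ in aps)
        expected = saved.get(ssid)
        # Same name advertised with different security settings.
        if len({sec for _, sec in aps}) > 1:
            findings.append((ssid, "mixed-security", bssids))
        # Same name from radios with different vendor prefixes (first three octets).
        if len({b[:8] for b in bssids}) > 1:
            findings.append((ssid, "multiple-vendors", bssids))
        if expected == "OPEN":
            # Only the name identifies a saved open network, so any AP using it matches.
            findings.append((ssid, "saved-open-profile", bssids))
        elif expected:
            odd = sorted(b for b, sec in aps if sec != expected)
            if odd:
                findings.append((ssid, "differs-from-saved", odd))
    return findings

def strongest(scan, ssid):
    """BSSID with the best signal for an SSID (assumed to be the one a client prefers)."""
    aps = [(dbm, bssid) for s, bssid, _sec, dbm in scan if s == ssid]
    return max(aps)[1] if aps else None

if __name__ == "__main__":
    for ssid, indicator, bssids in audit(SCAN, SAVED):
        print(f"{ssid:10} {indicator:20} {', '.join(bssids)}")
    print("strongest 'tmobile' AP:", strongest(SCAN, "tmobile"))
```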

So what can you do about it? Sadly, not a lot, and all that security software on your laptop won't help you one bit if you willingly connect to one of these hotspots. As with most scams, diligence is your best ally: Learn what legitimate hotspot web pages look like. Hackers rarely make a perfect copy. If you encounter anything out of the ordinary, disconnect from the hotspot immediately. Tell the manager of the establishment you're trying to connect to that something funny is going on. They may not do anything about it, but hopefully they'll call the cops and encourage them to track down the signal.

LINK: Ensnared on the wireless Web

Comments on Beware the "Evil Twin" Wi-Fi Hotspot


  • 47 Posted by flagorio on Thu Sep 3, 2009 4:00PM EDT

    That is why I use my Verizon PCMCIA card.

  • 48 Posted by michael.stigers on Thu Sep 3, 2009 7:17PM EDT

    As stated by others who have written an article here - the most secure would of course be a mobile provider. Cellular signals no longer exist to carry data, they are referred to now as simple digital signals. Every mobile provider on the face of the USA pretty much provides one now. They range from $29.95 - $69.95 a month depending on the speed, and provider you choose. This is the most secure way of connecting to the internet when on the go. You simply get a card to stick into your laptop, and boom - you're secure. "Hot Spots" like any other form of public sharing is *not* going to be secure. Is the cost something you want to jump into? Of course - they're cheap, but is it worth losing any important information over? Of course not. There are a few rules you should always follow when dealing with a network that you are not 100% sure can be trusted:

    1) Never share personal information
    2) Never log into financial institutions
    3) Minimize the amount of passwords you enter, the less, the more secure you are. Choose the ones that aren't critical such as your hotmail, or yahoo e-mail accounts. Any data that may be important to you, doesn't need to be accessed over a public domain.
    4) Don't stay logged on for long periods of time. The longer you are connected, the easier hackers can get into your system, even on a trusted network.
    5) Get a good wireless firewall. Many of the new firewalls contain wireless security which keep hijackers out, and can "hide" your system to other computers using the same network.

    I could go on, and on about security, but the best is common sense. If you personally do not know what you're doing, and the risks - just stay off! If your computer is Bluetooth enabled, make sure you always keep your Bluetooth OFF when in a public domain. This also applies to your cell phone. If you leave your Bluetooth on, capturing even your phone's information is child's play.

    Just like you wouldn't climb on a chair and start screaming your personal information out, you don't want to do so on a network you're not familiar with. If you choose to get on a network, make sure it has the small little LOCK symbol by the wireless network. This shows some form of security. Check with the owner or manager of the establishment for the name and "look" of the network. Many providers will make you pay "up front" to obtain a password. Using common sense, and a little "know how" will keep you safe in this digital age where some old fat hairy man in their late 40's is curious if they got that new "girl in a bikini" to be their friend on myspace - but using your head will keep you clear and safe. - Digital Chaos ( Michael Stigers ) michaelstigers@aol.com

  • 49 Posted by ibmisblue on Thu Sep 3, 2009 4:22PM EDT

    That's a pretty simple scam. This article says that hackers can't really create a realistic twin site. But they can. All you do is copy the HTML code from the website you are copying and make some changes to it. I think what you have to pay attention to is the URL you are at. Some may be obvious. If you think you are connecting to tmobile.com but the URL says "tmobbile.com" or something like that then it's probably a hoax. Then just make sure it's not a phishing site with a phishing tool if you have a phishing tool.
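
The URL check suggested in the comment above can be automated. This is an added example, not part of the comment or the original page: it compares the host in a portal URL against a hypothetical allow-list of expected domains (`tmobile.com` is the name used on this page, `wayport.example` is a placeholder) and reports near-miss spellings as well as an expected name embedded in a different domain.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of portal domains the user expects to see.
EXPECTED = ["tmobile.com", "wayport.example"]

def edit_distance(a, b):
    """Levenshtein distance using the standard two-row dynamic program."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(url, expected=EXPECTED, max_dist=2):
    """Return (verdict, matched_domain) for the host part of a URL."""
    # urlsplit drops any "user@" prefix and the port, leaving the real host.
    host = (urlsplit(url).hostname or "").lower()
    for dom in expected:
        if host == dom or host.endswith("." + dom):
            return ("expected", dom)
    for dom in expected:
        # Expected name appears in the host, but the host belongs to another domain.
        if dom in host:
            return ("embedded", dom)
        # Compare the same number of trailing labels as the expected domain has.
        tail = ".".join(host.split(".")[-(dom.count(".") + 1):])
        if edit_distance(tail, dom) <= max_dist:
            return ("lookalike", dom)
    return ("unknown", None)

if __name__ == "__main__":
    for url in ("https://hotspot.tmobile.com/",
                "http://tmobbile.com/login",
                "http://tmobile.com.example.net/",
                "http://tmobile.com@example.net/"):
        print(f"{url:35} {classify(url)}")
```

An "unknown" verdict only means the host is not close to anything on the allow-list; the last sample URL shows why the text before an `@` must not be read as the site name.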

  • 50 Posted by amitshirsat1 on Thu Sep 3, 2009 2:53PM EDT

    Obviously anyone who connects to a network without a WEP key or any type of encryption is pretty dumb. Even if it is free, I think that these people that give it away for free should provide keys to their users.

  • 51 Posted by tyscott_tech on Thu Sep 3, 2009 10:26PM EDT

    Let's just make an evil twin ourselves. If we need to order goods off the internet that requires our credit card, take advantage of the rent a credit card, just put down the amount of cash you need to purchase the merchandise and then throw the card away. The hacker can play with the used up number for the next thousand years.

  • 52 Posted by queenofblank on Thu Sep 3, 2009 8:24PM EDT

    The problem with posting this up on the internet and the homepage is that you have now run the risk of having that many more people start doing this, since they probably hadn't thought of the idea themselves yet. Me, I get on unsecured wi-fi all the time, but I never pay for it.. Just when it's free!

  • 54 Posted by dl_lipken on Thu Sep 3, 2009 3:45PM EDT

    In response to rojobaron - you hit the nail on the head. We live in a society that thrives on being unethical. We preach that crime pays, because we don't punish the criminals. More often, we punish those who try to protect us. When the heck did we get so bass ackwards?

  • 55 Posted by davidheadley1 on Thu Sep 3, 2009 3:38PM EDT

    All it takes is for someone to download a keystroke logger on your computer, and then it will email everything you type in, to a source. Once that happens, you'll give away all your information whenever you log back in to any site. Just be careful.

  • 56 Posted by alber3g on Thu Sep 3, 2009 2:49PM EDT

    A possible solution to this problem is to immediately log into a VPN network after you access the Internet from a wi-fi hotspot. That way your communication will be encrypted and inaccessible to hackers. This of course assumes that you are using a secure VPN network, including the use of key-generated passwords that expire after first use (so the hacker won't be able to log into your VPN using the password that you just used to login). No security strategy is completely flawless, but using a VPN will at least make it a lot harder for hackers.

  • 57 Posted by rb_tech on Thu Sep 3, 2009 8:31PM EDT

    I have been aware of this problem for a long time and was afraid it would become an epidemic. Hackers can "sniff" wireless traffic for info that is WEP encrypted or less but how many do is a good question. It's too easy now to get a high gain yagi antenna and overpower a hotspot to get people to log on to yours. A sophisticated hacker could just scan the traffic for later use and you would be unaware when or where you were compromised.

  • 58 Posted by mike_orona on Thu Sep 3, 2009 7:20PM EDT

    Everyone should go back to steam power. They never had Wi-Fi problems then, and hats were still in. I miss hats.

  • 59 Posted by barbcast555 on Thu Sep 3, 2009 3:02PM EDT

    Bottom line is, you really need to NOT use WIFI. It's a pain in the neck to deal with ID theft, and believe me hard as HECK to clean up after. Go with Sprint, or Cingular or one of those services that sell wireless cards. Plug it in, and bam! You're dialed into a private network that does not require you to mess with other people's computers. Just like dialup or DSL it's YOUR connection, no one else's. DONE. The speed may be somewhat slower than your typical Cable Modem wifi, but it's worth it for the extra peace of mind. They run about 59.99 a month for the card, and if you travel a lot it's WELL worth the money. Trust me, safer is better, and there is no such thing as FREE. You will pay with your personal info if you think otherwise.

  • 60 Posted by michael_w_anderson on Thu Sep 3, 2009 7:18PM EDT

    I am from the government office of Anonymous Security Service. In order to verify that all of your posts are not terrorist related, please publish your name, drivers license number, social security number, two credit card numbers with expiration dates and security codes, date of birth, place of birth, and mother's maiden name. We will verify your validity through our massive data files. Thank you for co-operating and keeping America terrorist free.

  • 61 Posted by hyourin_kishi_aka_smk on Thu Sep 3, 2009 4:21PM EDT

    How to prevent being "twinned": On the website, you can check the security of a website two ways: 1) In the address bar, in the website's name, the address should display: https://*****.***....etc. -A SECURE site should have an S after the http. This means the connection between the server and your computer is secure. 2) Click the lock icon either in your address bar or status bar, depending on version of OS. This will pull up the website's security certificates. Twins will not have a security certificate. Hope this helps everyone!

  • 62 Posted by danew13 on Thu Sep 3, 2009 3:35PM EDT

    Maybe other firms will do as Denny's does, and offer free wi-fi... then there will be no need for info giving. Or they may wind up being forced to stop the service altogether. dan

  • 63 Posted by svette20022002 on Thu Sep 3, 2009 9:50PM EDT

    Ya good advice. How is it that nowadays people are just too trusting especially when it comes to that little piece of plastic that people just throw around? I'm sorry, but even if I did have a credit card I would be wise enough to make sure I can trust whoever wants my credit card number. Some people are just stupid when it comes to their credit card.

  • 65 Posted by get_some_sense on Thu Sep 3, 2009 4:08PM EDT

    What happened to the days when NO ONE carried around a frickening phone and or laptop in a public place??? God, it's no wonder so many people have heart disease anymore...Gees get a real life. It's really bad when you start seeing HUGE warning signs about prohibited cell phone usage at places like McDonald's and your Doctor's office. Doesn't anyone have any kind of sense anymore??? No one should have to be TOLD like a kindergartner to get the heck off their cell phone and pay attention to the immediate business at hand.
