Beware the "Evil Twin" Wi-Fi Hotspot

Tue Mar 20, 2007 3:17AM EDT

See Comments (197)

Hop into Starbucks or an airport terminal and you may find yourself tempted by the inexpensive Wi-Fi service offered. Fire up your computer, browse the wireless networks available, and maybe you'll jump on a network named "tmobile" or "wayport" or some other common name among Wi-Fi service providers. Sure enough, your browser pulls up a page asking for your credit card information... or maybe you'll find yourself with "free" access to the internet. Surprise: You might have just been punk'd by a hacker.

Such is the case of the "evil twin" hotspot, a rising danger for users who rely on public hotspots for internet access. The trick is simple: A hacker just creates a hotspot with the same name (or a very similar one) as a legitimate hotspot nearby, hoping to dupe web surfers into connecting to the hacker hotspot instead of the legitimate one. The goal is the usual fare: Collect user names, passwords, credit card numbers. All the good stuff.

The Los Angeles Times notes that such lookalike networks are on the rise, and though this scam has been around for many years, it seems to be rising in popularity. My hunch? Wireless routers have better range than ever before, and it's practically child's play to set up a harvesting web site to dupe people into giving up their personal information. And since your laptop will automatically connect to any network you've connected to in the past (Windows thinks any network named "linksys" is the same network no matter where you go), people can be duped by evil twin hotspots without ever knowing it.

So what can you do about it? Sadly, not a lot, and all that security software on your laptop won't help you one bit if you willingly connect to one of these hotspots. As with most scams, diligence is your best ally: Learn what legitimate hotspot web pages look like. Hackers rarely make a perfect copy. If you encounter anything out of the ordinary, disconnect from the hotspot immediately. Tell the manager of the establishment you're trying to connect to that something funny is going on. They may not do anything about it, but hopefully they'll call the cops and encourage them to track down the signal.

LINK: Ensnared on the wireless Web

Comments on Beware the "Evil Twin" Wi-Fi Hotspot

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 66 Posted by speedinrican2 on Thu Sep 3, 2009 9:35PM EDT Report Abuse

    Obituary of the late Mr. Common Sense Today we mourn the passing of a beloved old friend, Common Sense, who has been with us for many years. No one knows for sure how old he was, since his birth records were long ago lost in bureaucratic red tape. He will be remembered as having cultivated such valuable lessons as: Knowing when to come in out of the rain; Why the early bird gets the worm; Life isn't always fair; and Maybe it was my fault. Common Sense lived by simple, sound financial policies (don't spend more than you can earn) and reliable strategies (adults, not children, are in charge). His health began to deteriorate rapidly when well-intentioned but overbearing regulations were set in place. Reports of a 6 -year- old boy charged with sexual harassment for kissing a classmate; teens suspended from school for using mouthwash after lunch; and a teacher fired for reprimanding an unruly student, only worsened his condition. Common Sense lost ground when parents attacked teachers for doing the job that they themselves had failed to do in disciplining their unruly children. It declined even further when schools were required to get parental consent to administer Tylenol, sun lotion or a band-aid to a student; but could not inform parents when a student became pregnant and wanted to have an abortion. Common Sense lost the will to live as the Ten Commandments became contraband; churches became businesses; and criminals received better treatment than their victims. Common Sense took a beating when you couldn't defend yourself from a burglar in your own home and the burglar could sue you for assault. Common Sense finally gave up the will to live, after a woman failed to realize that a steaming cup of coffee was hot. She spilled a little in her lap, and was promptly awarded a huge settlement. Common Sense was preceded i n death by his parents , Truth and Trust; his wife, Discretion; his daughter, Responsibility; and his son, Reason. He is survived by his 3 stepbrothers; I Know My Rights, Someone Else Is To Blame, and I'm A Victim. Not many attended his funeral because so few realized he was gone. If you still remember him, pass this on. If not, join the majority and do nothing.

  • 67 Posted by code_3_21 on Thu Sep 3, 2009 3:28PM EDT Report Abuse

    Encrypt the wireless connection with WEP or WPA. Do not use "Free" open WiFi connections.

  • 68 Posted by stuckinoz627 on Thu Sep 3, 2009 9:45PM EDT Report Abuse

    I read the article and STILL have some questions for anyone out there that may be more alert to this than I. A friend of mine was in Zuirch and went into a "private lounge" for VIP's used a computer there (not his own. My question is although he would never use a credit card over the Internet....it was free and he sent me several emails, could this still be risky...would this exist in Zurich or elsewhere Overseas? Thanks!

  • 69 Posted by muddsharkca on Thu Sep 3, 2009 7:30PM EDT Report Abuse

    Best yet. Get the heck off the darn net when your not at work or home and relax.

  • 70 Posted by resplendent68 on Thu Sep 3, 2009 8:36PM EDT Report Abuse

    Carpe' Diem: The product I use an recomend to other is www.airsnare.com It's a free program, for seeing whose sharing your wi fi connection. -Douglas- -Gresham, Oregon-

  • 71 Posted by svette20022002 on Thu Sep 3, 2009 9:50PM EDT Report Abuse

    Not to mention you have these parents who allow their child to have a Credit Card in the first place. Yeah thats good parenting right there let me tell ya and also allowing them to have a cell phone. Parents spoil their kids way too much.

  • 72 Posted by johnmoskalski on Thu Sep 3, 2009 4:39PM EDT Report Abuse

    Stop surfing the net and go get a job and work. Then you can pay cash and not worry about fraud. You might even want to shop in a store where there are people to talk to. But then, what would all the unemployeed do if there were easy jobs out there to get, instead of having a housewife in India pushing you for the extra price for rush shipment.

  • 73 Posted by texascaligirl1964 on Thu Sep 3, 2009 10:01PM EDT Report Abuse

    Geez, it's soooo nice that your blogsite goes straight to selling laptops....But, you think you have internet trouble there? Try living in the UAE....What's not censored or responded to, leaves you keeping your mouth shut.

  • 74 Posted by damienlagoy on Thu Sep 3, 2009 3:34PM EDT Report Abuse

    And just how direly important that is it that you cannot wait until you are back home or at your hotel to buy that ipod or pair of shoes you just saw on line? If you are that compulsory then I would say you have bigger problems than a hacker going on in your life. And I will never for the life of me ever understand why anyone would put their credit/debit card numbers in auto-fill. While you can't stop every crook, you can be a little less trusting out there rather than assume that just because it's on line and you happen to be at a Starbucks your safe. Why is it people won't trust a cab driver that's right in front of them over change on a fare but they'll open up their entire checking accounts to an entity you can neither see nor hear?

  • 75 Posted by anebrich on Thu Sep 3, 2009 2:54PM EDT Report Abuse

    I travel frequently and I often see these on in my server list. I always look for the computer to computer ones and stay away from those.

  • 76 Posted by valmarie on Thu Sep 3, 2009 10:31PM EDT Report Abuse

    I worked with NBC in Dallas and did a segment with them about this very issue two years ago. We sat outside a local Starbucks and the producer went inside and typed an email. We sat outside in a van and captured his email.

  • 77 Posted by laura21099@sbcglobal.net on Thu Sep 3, 2009 4:57PM EDT Report Abuse

    Im a bit confused? Does this apply to connecting to an unknown wireless network eventhough no personal information is requested???

  • 78 Posted by ppgooding on Thu Sep 3, 2009 8:18PM EDT Report Abuse

    We can't be serious. "Call the cops" and they'll track down the evildoers? Where, in Mayberry? No wonder hacking and ID theft are rampant, people are just darn fools about these things. Look, when you connect to a public network, you are basically surrendering your security to that network and to anyone else connected to that network. If you aren't willing to take that risk, then don't connect. Good grief. Yeah, call the cops. I'm sure they'll send a squad car right over.

  • 79 Posted by cycuda on Thu Sep 3, 2009 3:33PM EDT Report Abuse

    What happened to the simple world of puters? I mean all these script kiddies take three minutes and write up a site lurring the weak and feable into them. What happened to the simple times of just trying to get E laid on the net. Now we have to run spyware,firewalls,virus software,port scanners,ip sniffers and were afraid to actually TRUST anyone because we've sniffed out their IP's and found out that their a fifty year old man acting like a 27 year old lady. To get to the point make sure you know what your dealing with before you try anything on the internet.

  • 80 Posted by fileger on Thu Sep 3, 2009 3:59PM EDT Report Abuse

    There would be less "identity theft" if it was punishable by 40 years in prison without parole!

  • 81 Posted by gsn2323 on Thu Sep 3, 2009 4:14PM EDT Report Abuse

    "Free Access" is not free at all. You always get what you pay for. Period. No exceptions. Someone has armed the baboons in South Africa.

  • 82 Posted by mwkoolstuff2001 on Thu Sep 3, 2009 7:31PM EDT Report Abuse

    If a user is too cheap to use a Wireless EVDO card from any of the wireless carriers, such as Sprint, Verizon or Cingular, which is a protected network, you get what you deserve if you get burned. End of story. You get what you pay for. Spring for the $60 a month if you want to go wireless and be safe.

  • 83 Posted by ppgooding on Thu Sep 3, 2009 8:18PM EDT Report Abuse

    Good lord! Commenters are suggesting that the police actually DO fight these "crimes?" Do you know how much it costs to put cops on the street? Do you really think that chasing possible hotspot hackers is what your police should be doing? I swear, the Intertrons are turning into Potatohead Central. Amazing. If you are worried about this, stay off hotspots. Don't be sending your most critical ID and credit information over a hotspot connection. Use your head.

  • 84 Posted by jsc2112lac on Thu Sep 3, 2009 4:42PM EDT Report Abuse

    Wow looks as if the old dumpster divers have really taken it to a new level!! I contacted the Geek Squad in my city (Houston) and they told me not to do a signifigant amount of sharing in any hot spot location. If you have the need of the net anywhere to use your own nwetwork by using a aircard with particular cell phone companys, it might cost a little more but ask yourself how important is your info ???

  • 85 Posted by elviraessc on Thu Sep 3, 2009 3:53PM EDT Report Abuse

    I have a wireless USB adaptor from Sprint for my laptop and I have unlimited internet access anywhere your cell works. It's 60 bucks a month and broadband speed. I can drive to a remote erea and hook up. It's safe and fast I would recommend this to everyone. It even works on a pc in case you cant get internet where you live because it fits in to a USB port.

More Posts: First Prev 3 4 5 6 7 Next Last

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.