How to Spot Fake “Evil Twin” Public Wi-Fi Networks Run by Hackers
Whether you’re in an airport, in a coffee shop, or a library, free Wi-Fi is available almost everywhere these days. Unfortunately, not all free Wi-Fi networks are vigilantly protected when it comes to their IT security.
That Wi-Fi network you’re using could be open to security threats by hackers and cybercriminals, putting your personal information at risk. Here’s what you need to know about fake Wi-Fi networks.
Why Do Hackers Use Fake Wi-Fi Networks?
Besides taking advantage of any insecure Wi-Fi networks to steal your identity , two additional Wi-Fi vulnerabilities that hackers can use are Rogue Access Points (AP) and Evil Twins. These are seemingly genuine wireless networks created to trick potential victims into giving away their personal information.
They can look and act as what you would expect from a real network. This includes using the same or similar name (think Starbucks Wi-fi versus Starbucks Free Wi-Fi), and the same login screen.
While connected to an insecure and unencrypted network, you are at minimum giving the hacker free access to anything you do while online. This includes grabbing any usernames, passwords and other personal information that you enter.
At most you’ll download a virus or malware and give them full access to your device even after you disconnect from the insecure “network”.
If you connect to a network where a credit card is required for access, like a hotel, or an airplane “pay per hour” network, the hacker will have copied your credit card info even before you start browsing. In short, any data you upload or download while on the hacker’s Wi-Fi is visible to them.
While there are other ways hackers can use public Wi-Fi to steal your identity, we’re going to focus on what Evil Twins and Rogue Access Points are, what to look for, and what you should do if you connect to one.
What Is a Rogue Access Point (AP)?
A Rogue AP, sometimes used interchangeably with Evil Twin, is an insecure device connected to a network unbeknownst to the owner. This device will broadcast its own Wi-Fi that will connect you to the genuine network created by the business.
It will seem like connecting to the Wi-Fi as normal, but your connection will go via the hacker’s access point instead of the intended secure device.
A hacker will usually combine this with a Denial of Service attack on the original access point to disable it, making theirs the only available signal.
Rogue Access Points are a massive security issue that threaten the security of all the connected users. Any network security features and firewalls that may be enabled on the network will not affect a Rogue APs access to your transmitted data.
A Rogue AP is difficult to spot as a user. However, if you’re worried that you might have any extra devices on your network, here’s how to find a rogue device on your network.
What Is an Evil Twin Wi-Fi Network?
An Evil Twin is technically a type of Rogue Access Point that can be set up with any phone or laptop with wireless capabilities. It differs in that it’s not strictly connected to the business’ Wi-Fi unknowingly. The hacker will set up a duplicate wireless network that also looks and acts the same way as the original network, down to using the same name and seemingly the same security features.
The signal of this Wi-Fi will usually overpower that of the real network, simply by being physically closer to the user. Again, a Denial of Service attack to knock out the original access point is not uncommon in this scenario.
Either way, this means that potential victims will connect to the hacker’s signal rather than the genuine network.
How to Spot an Evil Twin Wi-Fi Network
Unfortunately, in real life, evil twins don’t wear goatees to make them easy to identify. Don’t assume that because the name of the Wi-Fi is “Starbucks Free Wi-fi”, that it is secure, or even that it belongs to Starbucks.
Oddly enough, the easiest Evil Twins to spot can be those that are password protected. If you purposely enter the wrong password and you don’t get an error message, the access point is likely fake. An Evil Twins will commonly let anyone access it regardless of the password you enter.
Look out for very slow network connections. This could be a sign that the hacker is using mobile internet to connect you to the web.
Also, pay attention to the address bar of the websites you visit. If your banking website shows an unencrypted HTTP version instead of HTTPS, your connection is definitely unsafe. This is called SSL Stripping, and a hacker can get your passwords or banking details as you enter them.
It’s easy for a hacker to redirect you to a fake version of any website if you connect through their device, and this way, they can get your login details as soon as you enter them. Using a VPN will not protect you in these cases, as you are entering your information into the hacker’s own website.
However, make sure that the URL is correct, and look out for grammatical errors or language that you would not expect from the website.
Fake domains (often using misnamed addresses) are something you should watch out for when browsing in any situation, as they are one of many common social engineering threats you can face online.
How to Avoid Being a Victim of Public Wi-Fi Hacks
Always use a VPN, like our #1 ranked service ExpressVPN, on your tablet, phone, or laptop. There are VPN solutions for pretty much all devices, including your smartphones, tablets, laptops, desktops, and routers.
When accessing a public Wi-Fi, especially if you don’t have a VPN installed, keep to regular browsing. Avoid accessing any websites where you will input sensitive data, like Amazon or your online banking.
Look out for SSL certificate errors. Many browsers will let you know if you are accessing an insecure and unencrypted page. Make sure that you access encrypted versions of any website. Always check if the “Secure” notice in your address bar is green. In addition to a VPN, you should consider security extensions like HTTPS Everywhere .
If you do see a security certificate error, don’t ignore it. Instead, close the website, and look for other hints that you are on a suspicious network.
It might also be worth disabling your device’s “auto-connect to Wi-Fi” feature to prevent accidentally connecting to an illegitimate network.
Take care and follow these seven secure strategies to use public Wi-Fi safely on your phone.
What to Do If You Connect to an Evil Twin or Rogue AP
Even if you are vigilant, your phone might automatically connect you to an insecure network without you realizing. If you suspect that you have connected to a compromised network, follow these steps to reduce the potential consequences.
- Disconnect as quickly as possible.
- Clear your list of saved Wi-Fi connections, to avoid connecting to the same one in the future.
- Clear your browser cache
- Run antivirus and malware checks.
- Change the password to any site you logged in to, and any other websites that use the same login information.
- Call your bank and cancel any bank cards you used.
Any unencrypted network and public Wi-Fi can be targets for a MITM attack. In fact, the network doesn’t even need to belong to a hacker with criminal intent—any network set up without security in mind is vulnerable. So be careful out there, and always use a VPN when you’re online !