How to spot evil twins trying to steal your data in plain sight
on 01 Nov, 2017
“This will only take a few seconds.”
You’re waiting for a latte at the local coffee shop. You could even be sitting in a hotel or airport.
There are a few minutes to kill. So you shrug, “What could be the big deal?”
Turns out, a lot could go wrong if you connect to the wrong network.
‘Evil twins’ are technically the same as any other public network. They’re often disguised to look legitimate, adding logos and borrowing recognisable brand names like the place you’re sitting in or ‘O2 Network.’
They’re also incredibly easy to set up, which makes them a hacker's dream.
Simple to set up and run. Hard to detect. And devastatingly effective.
Here’s how they work and how you can protect yourself once and for all.
Why ‘evil twins’ are commonplace
More people browse the internet on their phones than on desktop devices and, according to Google, more searches happen on mobile devices too.
Wi-Fi eavesdropping is one of the most common attacks because it’s so easy to pull off.
All the hacker needs to do is set up a fake Wi-Fi network. You might not even realise it’s fake, either, because it might use the same branding you’re used to already.
People sign up, start browsing, and the hacker literally logs everything you do. That means they can grab the username and password you use to log in to each site. Web traffic is often ‘sniffed’ when you’re on an unsecured network, which means they can also grab your session cookies to try and impersonate you on Facebook or Barclays or NatWest.
So what are you supposed to do? Not use the internet in public? Of course not. That’s not practical in a world where 87% of us use public Wi-Fi networks.
Here are a few warning signs to look for the next time you’re browsing while out-and-about.
How to find out if you’re connected to an ‘evil twin’
The first step is to look for clues. There are a few inconsistencies to look for that might tip you off before it’s too late.
Unfortunately, it’s not always as simple as looking for misspellings or just low-quality networks. ‘Evil twins’ can often be mirror images of more legitimate networks. So you’ll have to look for a few other red flags, instead.
For example, Google Chrome is pushing all websites to use SSL certificates. A site that uses one should show a ‘secure’ label or ‘lock’ icon in the address bar to assure you that the session is protected. No one should (in theory) be able to hijack your information or see what’s happening.
If you’re connected to a popular site, and it doesn’t have that little green tag, you should be concerned. No big sites today will leave connections unsecured. So you might be dealing with an imposter.
However, there are a few other tricks hackers will use to get around this issue.
A common one is changing a single letter or character in the domain name. So they might register ‘Faceb00k.com’ or similar.
That way, they can set up an SSL certificate, and you’d have no clue. It would still be a ‘secure’ site. It’s just the wrong site.
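The single-character swap described above can be checked mechanically. The following Python code is an added example, not part of the original article: the TRUSTED list, the LOOKALIKES table and the function names are assumptions chosen for illustration, and it goes slightly beyond the text by also flagging a trusted name used as the prefix of an unrelated domain.

```python
# Added illustration: flag hostnames that imitate a trusted domain.
# TRUSTED and LOOKALIKES are assumptions for this example, not a complete list.
TRUSTED = ("barclays.co.uk", "facebook.com", "natwest.com")

# Digits commonly substituted for letters, e.g. 'Faceb00k.com'.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalise(host):
    """Lower-case the host and drop a trailing dot and leading 'www.'."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host):
    """Collapse visually confusable characters to one canonical form."""
    return host.translate(LOOKALIKES).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host):
    """Return (verdict, matched trusted domain or None) for a hostname."""
    host = normalise(host)
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    for good in TRUSTED:
        if skeleton(host) == skeleton(good):      # character substitution
            return ("lookalike", good)
        if edit_distance(host, good) == 1:        # one letter changed
            return ("lookalike", good)
        if host.startswith(good + "."):           # trusted name as a prefix
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample hostnames.
    for name in ("www.facebook.com", "Faceb00k.com", "natvvest.com", "example.org"):
        print(name, "->", classify(name))
```

A ‘lookalike’ verdict means the name resembles a trusted domain without being one, which is exactly the case where a valid certificate and lock icon tell you nothing useful.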
A final clue to watch out for is an awkward transition or redirection.
Let’s say you try going to your bank’s homepage, but an odd redirection sends you somewhere else.
If that’s not what typically happens when you bring up the site at home, again it’s a warning sign. Anything out of the ordinary should be met with extreme caution. Especially when in public.
Thankfully, there are a few ways you can protect yourself. Here are some of your best bets.
How to protect yourself from ‘evil twins’
Many mobile devices will automatically connect to local Wi-Fi networks. It makes perfect sense. This way, you’ll use less data while in public and hopefully cut down on your bill.
Laptops often do the same thing. You just look for the strongest, closest signal and hop on.
But this extra cost-saving measure and added convenience may not be worth it. Especially because you now know the risks involved.
Although it may sound trite, you should also use your best judgment. For example, don’t log in to your bank or pull up personal docs while on a public network. You’re just asking for trouble.
There’s relatively little risk in reading sports articles or browsing basic sites while in public. But even your Facebook or Twitter accounts could be compromised, and those also reveal a surprising amount of information about you.
For example, think about the security questions your bank asks when you try to change the password. Typically, it’s about your mother’s maiden name, dog’s name, schools you attended or their mascots, etc.
And guess where all of that information exists? Right on your Facebook profile.
CNET shares a great tip to check your End Activity on Facebook to double-check who’s been logging into your account (and their location). If you see something suspicious or a brand new location, you might want to start retracing your steps and updating passwords.
Don’t be paranoid or alarmed. But be cautious. If you’d be concerned that someone might be looking at what you’re looking at while logged into a public network, disconnect and make a note to revisit it later.
Otherwise, if you do have work to do or find yourself travelling in different hotels and other common public connections, use a solid VPN and avoid free ones.
The technology behind them is similar to the SSL certificates we spoke about above. Those create a secure connection or ‘tunnel’ between your device and the website you’re trying to access.
VPNs work the same way, except that they create a secure ‘tunnel’ around the entire internet session.
For example, special ‘keys’ are created at each end of the tunnel (your device and the internet connection). The only way to pry through or look in on what you’re doing is then to have those special keys.
And most modern VPNs use encryption protocols that would take years to crack. So it’s unlikely that someone would be able to break into your internet session while you’re killing a few minutes in the local coffee shop.
Most organisations and networks are doing what they can to improve their own security measures. However, at the end of the day, you need to take a more proactive approach in managing your internet safety.
Be a little more aware and use a few of these tricks to hopefully make sure you don’t become just another statistic.
Unfortunately, cybercrimes are on the rise. It’s one of the easiest and most effective forms of theft today. There are more hacks and attempts made each day.
The problem is that our entire lives are online now. We bank online. We make friends online. We find spouses online.
Literally, our whole life is centred around being connected to the internet.
The trick is to make sure it’s the right connection. ‘Evil twins’ are notoriously common and easy to set up. They’re also incredibly effective because they can often hide in broad daylight. Most people wouldn’t even realise they were on one.
And that’s what hackers are hoping for. They’re hoping that you’re not paying attention so they can grab sensitive data when you least expect it.
Unless, of course, you’re on the lookout to prevent that from ever happening in the first place.