Over the years, travelers have repeatedly been warned to avoid public Wi-Fi in places like airports and coffee shops. Airport Wi-Fi, in particular, is known to be a hacker honeypot, due to what is typically relatively lax security. But even though many people know they should stay away from free Wi-Fi, it proves as irresistible to travelers as it is to hackers, who are now updating an old cybercrime tactic to take advantage.
An arrest in Australia over the summer set off alarm bells in the United States that cybercriminals are finding new ways to profit from what are called "evil twin" attacks. Also classified within a type of cybercrime called "Man in the Middle" attacks, evil twinning occurs when a hacker or hacking group sets up a fake Wi-Fi network, most often in public settings where many users can be expected to connect.
In this instance, an Australian man was charged with conducting a Wi-Fi attack on domestic flights and airports in Perth, Melbourne, and Adelaide. He allegedly set up a fake Wi-Fi network to steal email or social media credentials.
"As the general population becomes more accustomed to free Wi-Fi everywhere, you can expect evil twinning attacks to become more common," said Matt Radolec, vice president of incident response and cloud operations at data security firm Varonis, adding that no one reads the terms and conditions or checks the URLs on free Wi-Fi.
"It's almost a game to see how fast you can click "accept" and then 'sign in' or 'connect.' This is the ploy, especially when visiting a new location; a user might not even know what a legitimate site should look like when presented with a fake site," Radolec said.
Today's 'evil twins' can more easily hide
Subscribe our newsletter to stay updated
Thank you for subscribing!
Subscribe our newsletter to stay updated
Thank you for subscribing!