Have you ever used a hotel’s secure Wi-Fi network while staying there as a guest?
How about the secure Wi-Fi network that serves the building you work in – or even the network at your church?
Many of us routinely use these types of secured Wi-Fi networks without giving them a second thought, because…well, they’re encrypted, and therefore safe, right?
As a general rule these secured networks are indeed safe and we can use them without having to worry about our usernames, passwords and personal info being stolen.
But there’s also a danger with using secured Wi-Fi networks that you need to know about…
Hackers and scammers are now setting up “Evil Twin” Wi-Fi networks that mimic an establishment’s real, legitimate network. The scam works something like this:
Note: I’ll use a hotel setting in this example, but the scam works pretty much the same way at other types of venues.
Scenario: A hacker/scammer rents a room in a busy hotel, checks in, then sets up a temporary Wi-Fi hotspot using a Network ID similar to the one assigned to the hotel’s real Wi-Fi network.
When other guests at the hotel decide to go online, they see two (or more) Wi-Fi networks with very similar names: the hotel’s real, legitimate secured network(s) and the hacker’s fake, unsecured network(s).
If a guest attempts to log on to the hotel’s real network, they’ll be prompted for the access code. Once connected, they can use the secure Internet connection to conduct their online activities as usual without having to worry about having their info stolen.
But if a guest chooses the fake network, they often won’t be asked to enter an access code. They’ll simply be automatically connected to the insecure network and many of their online activities will be transmitted back and forth in the open (i.e. unencrypted).
Meanwhile, the scammer is sitting in his/her hotel room logging the victim’s usernames, passwords, credit card info, mobile phone number and more.
A variation of this scheme is for the hacker to set up a fake Wi-Fi network (again, with the same Network ID used by the legitimate network), but with a fake login screen that mimics the one used on the hotel network.
An unsuspecting guest will then “log in” to the fake network and use it while having a false sense of security because they were asked to input the access code. The problem is the access code they entered was a totally useless ruse and the network they’re using is actually unsecured.
You can usually identify a secure (i.e. encrypted) Wi-Fi network by the presence of the little “lock” icon beside the network icon. Check out the example network icons below:
The network depicted by the icon on the left is encrypted. That means you’ll have to enter the access key (aka password) before you’ll be able to log onto the network and use it to access the Internet.
If you’re able to enter the correct access key (the one supplied by the owner of the network) you’ll be able to log on and know that your information will be safely transmitted in encrypted format.
However, the network depicted by the icon on the right is not encrypted. We know that because there’s no lock icon beside the network icon.
If you were to use the network on the right to access the Internet your personal information would be transmitted in non-encrypted format (unless you were accessing a secure website), making it available to any hacker who happens to be monitoring that network’s traffic.
Bottom line: Any time you see two available Wi-Fi networks with the same (or very similar) Network ID, DO NOT connect to either one of them until you call the front desk and ask which network you should use.
Never use a network that isn’t encrypted (there is no lock icon) unless you’re using a VPN to encrypt your network traffic.
And finally, always remember that any time a network that’s supposed to be secure fails to ask you to input an access code, that network is either an “evil twin” or a legitimate network that isn’t set up properly (again, there won’t be a “lock” icon).
In either case, DO NOT use that network!
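The "same or very similar Network ID" check above can also be automated. The following is an added example, not part of the original article: it takes a list of scanned networks and flags look-alike names, treating an open look-alike of an encrypted network as the worst case. The sample scan data, the function names and the 0.9 similarity threshold are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample scan (SSID, BSSID, security); not taken from a real site.
SAMPLE_SCAN = [
    ("GrandHotel_Guest", "02:00:00:aa:bb:01", "WPA2"),
    ("GrandHotel_Guest", "02:00:00:aa:bb:02", "WPA2"),   # second AP, same network
    ("GrandHotel-Guest", "02:00:00:cc:dd:01", "OPEN"),   # look-alike, no lock icon
    ("GrandHotel_Guests", "02:00:00:cc:dd:02", "WPA2"),  # look-alike, encrypted
    ("CornerCafe", "02:00:00:ee:ff:01", "OPEN"),         # unrelated network
]

def normalize(ssid):
    """Fold case and drop separators so 'Grand-Hotel' and 'grand_hotel' compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())

def looks_alike(a, b, threshold=0.9):
    """True when two network names are identical or nearly so after normalizing."""
    na, nb = normalize(a), normalize(b)
    return na == nb or SequenceMatcher(None, na, nb).ratio() >= threshold

def find_lookalikes(scan, threshold=0.9):
    """Return (entry_a, entry_b, verdict) for each pair of look-alike entries."""
    # Collapse access points into the entries a device's network list would show.
    entries = sorted({(ssid, sec) for ssid, _bssid, sec in scan})
    findings = []
    for a, b in combinations(entries, 2):
        if not looks_alike(a[0], b[0], threshold):
            continue
        if (a[1] == "OPEN") != (b[1] == "OPEN"):
            # One entry has the lock icon and its twin does not.
            verdict = "open look-alike of an encrypted network: do not connect"
        else:
            verdict = "similar names: confirm the correct network with the venue"
        findings.append((a, b, verdict))
    return findings

if __name__ == "__main__":
    for a, b, verdict in find_lookalikes(SAMPLE_SCAN):
        print(f"{a[0]!r} ({a[1]}) vs {b[0]!r} ({b[1]}): {verdict}")
```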