In 2024, a forty-two-year-old man was arrested for creating an “evil twin” public wi-fi that mimicked the airport’s legitimate network. People unwittingly connected to his malicious network and exposed their sensitive information. The “evil twin” scam is regularly used today by criminals and is one of the hidden dangers to using public wi-fi(1). Many victims need identity theft protection services in order to recover. However, there are a lot more dangers that you should be aware of.
Public wi-fi is extremely appealing in certain circumstances. It’s free, accessible, and available in convenient locations like airports or hotels. However, connecting to public wi-fi has risks. A quarter of regular wi-fi users reported experiencing a security issue from using public wi-fi(2). This unsafe wi-fi has open network security which easily allows wi-fi hacking from bad actors. To combat the ever-advancing strategies of cybercriminals, you need to arm yourself with the knowledge of their current tactics.
How Hackers Exploit Unsafe Wi-Fi Networks
Cybercriminals have many options when it comes to exploiting public wi-fi. They can use wi-fi hacking to exploit the vulnerabilities on a device or network. They can also use phishing scams to trick users into sharing sensitive information over a network. Here are some more ways hackers use unsafe wi-fi.
Man-in-the-Middle (MITM) Attacks
The man-in-the middle attack is a wi-fi hacking technique in which a hacker uses an unsafe wi-fi network to eavesdrop on the communications sent between the victim’s device and the hotspot. The most common targets for sensitive data are login credentials, emails, or payment data.
Fake Hotspots and Evil Twin Networks
The “evil twin” hotspot is when a malicious actor sets up a public wi-fi with open network security and disguises it as a trusted source. Victims connect to the unsafe wi-fi network and unwittingly send the perpetrator their sensitive data or login credentials. Scammers will disguise the names of their malicious networks as trusted public wi-fi networks like “Free Airport Wi-Fi” or “Free Holiday Inn Wi-Fi.” Hackers also use phishing scams to direct victims to a login page where they are prompted to enter their credentials for social networks or email.
Malware Distribution Over Open Network Security
Whether it is open network security or encrypted, one of the ways malware can be distributed is through the network connection. Two devices on the same network increases the risk of malware distribution since these devices are discoverable to each other.
Public wi-fi has risks with malware as well. Cybercriminals use network hacking to spread malware across different devices. Hackers can also use phishing scams in the form of pop-ups and downloads to plant malware on specific devices on the network.
What Data Is at Risk on Public Wi-Fi?
Cybercriminals using public wi-fi to hack into devices or steal information is an older technique that took advantage of unsecure websites and wireless networks. Now with the wide adoption of websites using HTTPS for encryption, most information is protected. However, there are still public network risks and data that can be exposed in certain scenarios.
- Personal and financial information. Things like exposed login credentials, credit card information, social media accounts, banking info, and more could get exposed.
- Company and work-related files. Using a public wi-fi to work remotely without a VPN could expose work related systems, initiating the need for a data breach response plan.
- Location and device tracking. Hackers can use metadata and location services to monitor movement.
Signs You May Have Been Hacked After Using Public Wi-Fi
Using public wi-fi has risks but it’s sometimes necessary. Many people are still unaware of the dangers of public networks and the best practices for device security and protection. There are a lot of bad actors waiting for the opportunity to use wi-fi hacking to steal sensitive data. You need to know the signs that you may have been hacked so you can catch them early and implement a data breach response plan to minimize harm. Here are the warning signs that your device may be compromised after using public wi-fi.
- Unusual device behavior. Sudden apps crashing, unauthorized installations, and browser redirects may be signs of a breach.
- Unauthorized account activity. More glaring signs would be sudden unauthorized activity on your email or bank accounts. Alerts and unfamiliar logins may be a sign that a cybercrime investigation is warranted.
- Identity theft red flags. If you notice credit report changes or unauthorized charges, you may need identity theft protection services.
How to Protect Yourself on Public Wi-Fi
Hackers using unsafe wi-fi networks tend to target the easiest victims. However, there are best practices that minimize public internet risks and protect your devices. For example, you should always confirm that the public wi-fi network you are connected to is legitimate. The staff of the location or institution should be able to confirm what the correct network is. Here are some more ways to protect yourself.
Use a Virtual Private Network (VPN)
A virtual private network is a tool that encrypts your connection and hides your IP address. Using a VPN reinforces your device security even when you use an unsafe wi-fi network. Proton VPN and NordVPN are well-known for their impactful services.
Avoid Logging into Sensitive Accounts
Wi-fi hacking an unsafe network typically targets the information being transmitted. If you avoid entering sensitive data or accessing your accounts while using public wi-fi, cybercriminals won’t be able to steal your data.
Use Mobile Hotspots or Encrypted Networks
Mobile hotspots with encrypted networks are a safer alternative to open network security. Many cell phones today have an option to create mobile hotspots. You can also purchase a dedicated mobile hotspot.
Enable HTTPS and Firewall Protection
Firewalls and antivirus software can assist your device’s security even when connected to public wi-fi. You can also look for HTTPS or the padlock in the URL bar to see if a website is encrypted. A sign that a wi-fi may be an “evil twin” and a phishing scam is if the authentication page for the wi-fi is not secure.
Turn Off Auto-Connect Features
Devices typically remember any networks you connected with. However, this can cause issues for anyone who may have connected to a malicious network. When it comes to wi-fi settings, make sure you turn auto-connect off.
What To Do If You Suspect You’ve Been Hacked
Businesses develop a data breach response plan to minimize harm and prioritize recovery. Individuals should have a similar plan for themselves. If you have been hacked through an insecure wireless network, you should take these precautions to protect your data.
- Disconnect and stop all online activity immediately. Cut off all online activity immediately. Switch to airplane mode if necessary.
- Notify affected institutions. Contact your bank, employer, or the institution that is affected as soon as you can to notify them of the breach. Your bank, for example, will use online fraud detection tools to look for any signs of a compromised account.
- Change passwords and secure accounts. To be safe, change your password on all accounts. Make sure the new password is a strong one.
- Scan device for threats. Use an antivirus software to detect any malware on your device.
- Monitor your account activity yourself. You can use online fraud detection techniques to monitor any unusual activity on your accounts.
- Contact a cybersecurity firm. These firms offer online fraud detection and identity theft protection in case of a security incident. Digital forensic experts will also launch a cybercrime investigation into how an attack occurred, who was responsible, and what was compromised.
Contact Cybersecurity Experts Like Digital Forensics Corp.
At Digital Forensics Corp., cybercrime investigation is something we specialize in. Our team of digital forensic experts can help you identify the entry point, assess the damage, and gather evidence for legal action. We can also reinforce the cybersecurity on your device and accounts after an incident.
Our digital forensic professionals can also help with identity theft protection, online fraud detection, and forming data breach response for organizations. If you have a device that has been compromised, contact us today for a consultation or digital forensic audit.
Awareness Is Your First Line of Defense
There are many dangers that lie with open network security. However, the public wi-fi risks are far less dangerous when you understand the tactics used by hackers. Awareness is your first line of defense against cybercriminals and using the best practices in device security is your second. In the worst-case scenario, there are still digital forensic experts ready to protect your device and data during a security incident. In fact, Digital Forensics Corp. has a team of professionals readily available for your call at anytime, anywhere.
Sources:
