What are you signing up for?

You might have seen recent reports of a man stealing login details from other people on a flight, using an ‘evil twin’ attack.

Allegedly, he set up a Wi-Fi hotspot that looked very similar to the genuine in-flight Wi-Fi network. This is what the word ‘twin’ refers to in this kind of attack.

Typically, this kind of attack is reliant on unsuspecting people using that ‘twin’ hotspot rather than the genuine one. The attackers then capture any login details and other personal information that their targets enter. This, of course, is where the ‘evil’ element of the attack name comes in.

What could the attacker do? They could:

  • use that sensitive information to gain access to your accounts in future
  • capture your transactions (e.g. bank transfers) and edit the details in their favour
  • add malware to your device, so that they can control it even when you are no longer using the evil twin Wi-Fi.

This kind of attack can happen in any public place where free Wi-Fi is available. Coffee shops are an obvious location, as are trains, libraries and airport lounges (not just the flights themselves).

Often the attacker sets up a fake captive portal. This is the page that asks for your name, email address and sometimes a password before you can log in. A captive portal adds credibility to their attack (particularly if it matches the original), but also gives them a little bit of information about the victim which they may be able to use in the future.

The attack is invisible to the victim. You won’t know it has happened until later (and you might not spot it at all).

What can you do to avoid an evil twin attack?

There are steps you can take to reduce your risk of an evil twin attack:

  1. Avoid unsecured Wi-Fi networks. If you have to use public Wi-Fi, check for near-duplicate hotspot names (one of them might be dodgy)
  2. Use a personal hotspot—for example, tether your laptop to your mobile
  3. Avoid using private accounts on public Wi-Fi if you can
  4. If you must check private accounts in public, put multi-factor authentication in place, to add an extra security layer
  5. Turn off auto-connect, to avoid accidentally connecting to an evil twin
  6. Use only HTTPS websites. Those connections are encrypted, so the attacker won’t be able to see your data as it travels to and from the websites you are using
  7. Use a VPN to encrypt your data
  8. Pay attention to any alerts that your device provides, and act on them.
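Step 1 above (checking for near-duplicate hotspot names) can be automated. The script below is an added example written for this post, not a tool from the author or Click and Protect. It takes a list of visible networks as a Wi-Fi scanner would report them (the sample scan is constructed for the example) and flags two things a user would want to know about before connecting: a name that is a near-duplicate of another visible network, and the same name advertised both with and without encryption. The similarity threshold of 0.8 and the look-alike character mapping are assumptions chosen for illustration.

```python
"""Flag Wi-Fi networks whose names look like an 'evil twin' of another
visible network. Added example, not the post's own code.

Input: a list of (ssid, security) pairs as a scanner would report them.
"""
from difflib import SequenceMatcher

# Constructed sample scan for this example: a genuine encrypted airline
# network, a near-duplicate open hotspot, and an open network reusing the
# genuine name outright.
SAMPLE_SCAN = [
    ("Airline_WiFi", "WPA2"),
    ("Airline-WiFi Free", "OPEN"),
    ("Airline_WiFi", "OPEN"),
    ("CoffeeShopGuest", "OPEN"),
    ("Home5G", "WPA3"),
]

# Assumed threshold: names this similar after normalisation get flagged.
SIMILARITY_THRESHOLD = 0.8


def normalise(ssid: str) -> str:
    """Lower-case the name, drop separators and map common look-alike
    characters (e.g. '0' for 'o', '1' for 'l') so that cosmetic variants
    of a name compare as equal."""
    table = str.maketrans({"0": "o", "1": "l", "-": "", "_": "", " ": ""})
    return ssid.lower().translate(table)


def similarity(a: str, b: str) -> float:
    """Ratio in [0, 1] of how alike two SSIDs are after normalisation."""
    return SequenceMatcher(None, normalise(a), normalise(b)).ratio()


def find_suspicious(networks, threshold=SIMILARITY_THRESHOLD):
    """Return (ssid, other_ssid, reason) for every pair that deserves a
    second look before connecting.

    An identical name seen more than once is normal on large networks
    (many access points share one SSID), so it is only flagged when the
    security type differs, e.g. an open network impersonating a WPA2 one.
    """
    findings = []
    seen = []
    for ssid, security in networks:
        for other_ssid, other_security in seen:
            if ssid == other_ssid:
                if security != other_security:
                    findings.append(
                        (ssid, other_ssid, "same name, different security")
                    )
                continue
            if similarity(ssid, other_ssid) >= threshold:
                findings.append((ssid, other_ssid, "near-duplicate name"))
        seen.append((ssid, security))
    return findings


if __name__ == "__main__":
    for ssid, other, reason in find_suspicious(SAMPLE_SCAN):
        print(f"CHECK: '{ssid}' vs '{other}': {reason}")
```

On the sample scan this reports three findings: the open ‘Airline-WiFi Free’ as a near-duplicate of ‘Airline_WiFi’, and the second ‘Airline_WiFi’ both for reusing the genuine name without encryption and for resembling the ‘Free’ variant. A real scan would be fed in from the operating system’s Wi-Fi tooling; the logic does not change.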

If you have staff that have to travel, include information about this kind of attack in your regular cyber security awareness sessions.

Need help with any cyber security issues in your business? Contact the Click and Protect team on 0113 733 6230 or through our contact form.