An Evil Twin Can Mean Identity Theft When Connecting to Public WiFi

Our portable connected devices – that’s our smartphones, tablets and laptops – let us stay connected to our world virtually any where we go.

Of course, when we’re away from the comforts and speed of our home broadband connections, or maybe don’t have one, we have to find another connection that will link us to the web.

I have come to prefer using my cellular data connection for web access, often creating a “personal hotspot” with my smartphone or tablet, but realize many rely on public WiFi.

You can walk into any coffee shop, fast food outlet or even automobile service shop and see signs indicating how to connect to their WiFi and often several patrons taking them up on the invitation.

Hey, the convenience can’t be beat. Unfortunately, it also makes it convenient for hackers to trick you into giving them access to some of your most sensitive information.

Senior Care CornerĀ® has long been encouraging family caregivers to help senior loved ones get active online for the benefits the web has to offer. With that comes a responsibility to help seniors feel safe and secure in doing so or they may turn their backs on technology that can add much to their lives.

Free Public WiFi Can Be Expensive

It wasn’t long ago that a dining or retail establishment or even an airport or hotel offering free Wifi stood out. Now it’s the ones who don’t offer WiFi or, seemingly worse, charge for the service, that stand out.

Yes, we have come to view the convenience of being able to connect to the web whenever and wherever we want as a necessity — not unlike being able to flip a light switch and see the room light up.

Not having to pay for WiFi doesn’t necessarily mean it’s totally free to us, though.

We’ve long been told of the dangers associated with connecting to unsecured public WiFi signals, that we should assume someone is “listening” and avoid entering passwords or other sensitive information.

Criminals have found another way to reach into our devices at those free WiFi locations, unfortunately.

Now we can’t — or at least shouldn’t — assume we are actually logging into the the WiFi service our host is making available for our use.

TV Depiction of Twins That Are Truly Evil

As a fan of the original CSI series on TV and a lover of technology, I was guaranteed to watch CSI: Cyber when the series debuted not long ago. While both entertaining and thought-provoking, the series can really get into the head of those – such as some of our senior loved ones – who are already worried about the dangers associated with using technology and venturing onto the web.

A recent episode highlighted some of the worst that using public WiFi has to offer, including the potential to log into an “Evil Twin” signal that, in the show at least, could result in enough mischief to get someone wrongly accused of murder.

When I see a show like that, I wonder if many viewers see the technology stunts as possible or more of something out of science fiction.

How many seniors who are new to technology (or not even using it) see shows like that as validating their hesitation about getting involved with tech at all?

I hope family caregivers are there to set them straight!

Getting Sucked in By an Evil Twin

free coffee shop wifiHave you looked for WiFi signals at a favorite eatery or elsewhere and found the establishment’s name plus a number of other signals, some as strong as or stronger than that of the establishment? Some of those might be the WiFi hotspots of neighboring businesses but others are likely the personal hotspots of individuals’ devices.

What’s a personal hotspot? That’s what it’s called when you set up your smartphone or tablet (with cellular data) to allow other devices to access the web using your mobile device’s cellular data signal — and data plan.

It is with personal hotspots that criminals can lure us into trouble. How? When a mobile devices is activated as a personal hotspot, one can designate the name and password used to access the signal. Someone trying to draw in users for nefarious purposes might use the same name as the hotspot for the establishment.

A criminal seeking to mislead WiFi users by masquerading as the establishment’s signal — an evil twin — might locate their device close to targeted users, making the signal stronger for those users than the legitimate WiFi signal.

It’s only natural to expect two signals with the establishment’s name are both there for customers — and just as natural to attach to the stronger signal. That’s the hook the criminal uses.

If you attach to a personal hotspot for your web access, that access is going through the phone or tablet that is the source of the hotspot, meaning all of your web activity goes through that device. It’s not difficult to imagine the potential damage a criminal could do if they get to see our account IDs, passwords, etc., is it?

Protection from Evil Twins

The steps we can take for protection from evil twins — or, more accurately, from the criminals using them — are the same safe surfing advice we hear all the time.

When using public WiFi…

  • Always look for “https” in the address line of a website being visited
  • Don’t access financial, healthcare or other sensitive accounts
  • Avoid entering a password for any account
  • Don’t send an email or make a post to a social network that you wouldn’t want to see shared with the public
  • Resist the urge to open email attachments or click links in emails that you are not 100% certain are what you think they are
  • Use a virtual private network (VPN) to access your workplace network, if it has one
  • “Forget” a public WiFi network when you are through using it by going into your settings so your device doesn’t automatically connect next time you are in range

Remember, it’s not enough to check the name of the WiFi signal, as it may lead to connecting with an evil twin using the same name.

Avoiding Evil Twins and Their Problems

The only 100% safe way to avoid public WiFi problems, including evil twins, is to avoid connecting to it at all.

I realize that’s easier said than done and, for some at least, not possible.

For those who can do it, using cellular data to access the web lets you avoid evil twins altogether and makes using the web away from home more straightforward for those who aren’t the most tech savvy, which may include your senior loved ones.

Data usage can be kept to a minimum by saving the download or streaming of video and other large files for later and keeping video calls, such as those using FaceTime and Skype, short.

Laptops or tablets without cellular modems and data plans can connect using your, or a friend’s, smartphone or tablet with the personal hotspot activated.

This is a safe use of a personal hotspot, as long as you ensure the personal hotspot’s password is strong to avoid that being hacked, too.

Remember, we need to help our senior loved ones, especially those new to mobile technology, feel safe and confident using their devices. There are many life and health benefits they will get from mobile, now and even more so in the future, but only if they use it.