A fake Wi-Fi hotspot, or “Evil Twin” hotspot, is a Wi-Fi access point set up by a hacker or cybercriminal that mimics a legitimate hotspot including the service set identifier (SSID) provided by a business that is nearby, such as a coffee shop or hotel that provides free Wi-Fi access to its customers.
Is fake Wi-Fi really a problem? Yes, it is.
Below is an example from our colleagues at IT in São Paulo, who have first-hand experience with fake Wi-Fis:
The Restaurant Wi-Fi Scam
Recently, we've seen an increase in reports of cyberattacks known as "Wi-Fi scams" in a variety of establishments, including restaurants. The “modus operandi” of this scam involves creating fake/malicious Wi-Fi networks with names that resemble legitimate networks. Please make sure to be aware of the risks and know how to protect yourself. It happened to one of our collaborators who almost suffered financial losses.
How the scam works:
- Criminals create fake Wi-Fi networks with names similar to those from legitimate establishments.
- These fake networks can have stronger signal, luring users to connect. Most of the time, they are unprotected networks. (They are even using a 4G/5G blocker to force the people to use the Wi-Fi).
- Once people are connected to these fake networks, criminals can intercept their data, including personal information, passwords, and bank details, through applications that can monitor users’ phones in real-time.
- For users who have the second layer of protection like biometrics, they call the users pretending to be a real bank, telling people that a possible scam is in progress, and asking them to check their account to look for suspicious activity.
- Afraid of the “real bank” calling about the scam, people end up quickly accessing their cellphone to check the account, re-entering the password and biometrics, and by that: completing the access cycle for the scammer.
IT recommendation: Always use 4G/5G for internet connection if you are not sure if the available Wi-Fi can be trusted.
