How to Make Sure the Public Wi-Fi Network You’re Connecting to Is Legitimate
When you’re away from home or the office, you often need to connect to Wi-Fi – whether it’s to check email, write a report, download a Spotify playlist, or just browse social media aimlessly.
And many public places, from bars and restaurants to shops and even transport hubs, now have Wi-Fi. These networks are easier than ever to find, and they’re much more reliable and secure than they used to be (nobody wants to get into trouble because their Wi-Fi is hacked).
But even with security improvements in recent years, there’s one key Wi-Fi security issue to be aware of when connecting to networks outside your home: fake or “evil twin” Wi-Fi hotspots set up by attackers . They can trick you into connecting to them, then steal your data while you’re using the network.
How does fraud work?
Setting up a public Wi-Fi network is easy: you can buy a mobile Wi-Fi hotspot , set it up with a SIM card or eSIM, and create a network that way. Alternatively, you can simply use your phone or laptop with cellular support to then create a Wi-Fi network for the entire world.
Let’s say you do this while sitting in a hotel lobby or coffee shop, and give the network an innocuous name like “GUEST_WIFI.” Chances are, several people in those locations will be looking for a Wi-Fi network to connect to, and they’ll probably choose yours, giving you some control over what those people do online.
At this point, any login information you provide to the fake Wi-Fi network could be intercepted by the network owner, especially if they redirect you to a fake login page that asks for specific credentials to proceed. In some cases, malware could be implanted on your devices.
To make the scam even more convincing, the fake Wi-Fi network is sometimes created with the same name and password as the real network, for example if these details are published somewhere. Depending on which network has the strongest signal, your devices may detect the untrusted Wi-Fi network first.
How to stay safe
In addition to simply being aware of this type of scam and being extra cautious, always connect to officially advertised Wi-Fi networks, such as those listed on signs, menus, guest information, and/or official websites. If in doubt, you can always check with a hotel employee, no matter where you are.
Be careful about connecting to any Wi-Fi network that doesn’t require a password without a good reason, especially if there’s no splash screen letting you know you’re in the right place (like a hotel or restaurant information page). Be aware of generic Wi-Fi network names that could be used anywhere.
If someone was trying to spoof the same Wi-Fi network as the official, legitimate one, then both networks should be listed as available on your device. In this case, it is highly recommended to avoid connecting to either one until you are sure which one is safe.
Many public Wi-Fi networks will greet you with a login or registration page, but fake bad guys will often ask for more information than necessary or ask you to sign in to some confidential account. They may look simple and hastily put together, with no official logos or information about where you are.
The standard rules for using public Wi-Fi always apply as well: banking and other sensitive tasks should be done over your home Wi-Fi, public Wi-Fi should be turned off when you’re done using your devices, all devices (and their browsers) should be updated, and one of the best VPNs should be used for extra protection when browsing the web.