IPHONE and Android owners have been warned about a vicious Wi-Fi attack that allows hackers to sneak into their social media accounts.
The sinister scheme can catch anyone out when they’re trying to connect to free Wi-Fi networks seemingly from restaurants, coffee shops and even from plane when travelling Wi-Fi.
Hackers set-up a fake Wi-Fi network using brand names near legitimate businesses offering Wi-Fi in a bid to dupe them into connecting to it.
Once connected, all the victim’s data they share with the network passes through a server controlled by the attacker.
And in some cases they may ask you to sign in using your social media account or Gmail – but doing so just gives away your precious password.
Experts have dubbed the attack as the “evil twin”.
“Unfortunately, evil twin Wi-Fi access points are difficult to detect without specialized sniffing tools,” NordVPN says.
“However, some signs may reveal an evil twin attack and help you avoid fishy connections.”
1. Check the network name
Make sure the network name you’re attempting to connect to matches the one named by the venue host.
If you see duplicates this could be a sign that someone has set up a fake.
Most read in Phones & Gadgets
If you’re unsure, ask the staff to verify the name of the Wi-Fi network.
2. Watch out for login screens
Some Wi-Fi networks require you to sign up or register.
But they shouldn’t ask for lots of personal details – and certainly not financial details.
You shouldn’t have to provide a username and password for your social network accounts to gain access either.
“Legitimate networks usually don’t ask for login credentials unless it is a captive portal, for example, in a hotel or airport,” NordVPN says.
3. Keep an eye on the connection
If you’re getting error messages while connected to a public network or if it’s frequently disconnecting this might be due to an evil twin.
“Such issues may be caused by an attacker trying to intercept or redirect your traffic,” NordVPN explains.
How to spot a dodgy app
Detecting a malicious app before you hit the ‘Download’ button is easy when you know the signs.
Follow this eight-point checklist when you’re downloading an app you’re unsure about:
- Check the reviews – be wary of both complaints and uniformly positive reviews by fake accounts.
- Look out for grammar mistakes – legitimate app developers won’t have typos or errors in their app descriptions.
- Check the number of downloads – avoid apps with only several thousand downloads, as it could be fake.
- Research the developer – do they have a good reputation? Or, are totally fake?
- Check the release date – a recent release date paired with a high number of downloads is usually bad news.
- Review the permission agreement – this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
- Check the update frequency – an app that is updated too frequently is usually indicative of security vulnerabilities.
- Check the icon – look closely, and don’t be deceived by distorted, lower-quality versions the icons from legitimate apps.
All of this information will available in both Apple’s App Store and the Google Play Store.