Fake Wi-Fi hotspots in Australian airports threaten data security
A recent incident in Australian airports highlighted the issue of insecure Wi-Fi networks, particularly in public places. Free Wi-Fi networks were reportedly set up with malicious intent to steal confidential data from users. To understand the risks and mitigation measures, SearchInform's leading analyst, Sergio Bertoni, shared his insights.
Bertoni explained that fake Wi-Fi networks are typically created to illicitly access users' personal accounts, such as email or social networks, which often have payment services linked to them. "Gaining control over just one service connected to a personal account, such as email, allows fraudsters to significantly broaden the scope of their malicious activities," he said.
According to Bertoni, the most benign outcome of connecting to a fake network would be having one's account included in a spam newsletter list. However, much more severe consequences are possible, including the unauthorised change of passwords for various services, the spread of phishing emails and malicious attachments, remote control over victims' devices, and access to critical data stored in the cloud.
Bertoni emphasised that the ultimate aim for fraudsters is monetary gain. "Intruders attempt to monetise all the data they manage to obtain. They can do it in various ways, e.g., by gaining access to the victim's bank accounts, by selling the stolen data on the darknet, or by blackmailing the victims," he explained.
Describing the modus operandi of fraudsters, Bertoni noted that there are no sophisticated technical tricks involved. "Fake Wi-Fi hotspots are quite similar to phishing sites. The core of this tactic is social engineering. The owners of fake Wi-Fi hotspots gain the trust of users by posing as legitimate services," he said. This trust leads users to input confidential data such as logins, passwords, or verification codes sent via messengers. Ultimately, this grants fraudsters access to these accounts, allowing them to reassign victims' accounts to different numbers or change their passwords. Consequently, legitimate owners lose access to their accounts and services.
When it comes to detecting fake Wi-Fi networks, Bertoni indicated that there are no universal or definite attributes to rely on. Entities like airports, public transportation, hotels, and restaurants typically have a user authorisation procedure for public Wi-Fi. He advised users to be cautious if they notice anything suspicious during authorisation, such as receiving an access confirmation code through a social network instead of SMS. "Any deviation from the algorithm you are used to should be considered an alert," he warned.
For users who do connect to public Wi-Fi, Bertoni suggested several guidelines to mitigate risks. Firstly, ensure that the Wi-Fi hotspot belongs to a legitimate organisation by checking with official resources or staff members. If discrepancies are found, it is better to stop connecting. Secondly, avoid entering credentials on unverified websites. Thirdly, implement two-factor authentication, set a cloud password, or use other layers of protection to secure accounts. Lastly, domain checkers should be utilised to verify the authenticity of services requiring authorisation via open Wi-Fi; newly registered services should be considered alarming.
While the safest option is to avoid connecting to free public Wi-Fi networks altogether, following these guidelines can significantly reduce the associated risks. Bertoni's key message to users is to "stay vigilant and surf the Internet safely."
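The domain-checker guideline above, treating a newly registered sign-in domain as alarming, can be applied to the domain's RDAP registration record. The following is an added example, not code from the article or from SearchInform; the sample RDAP records, the domain names and the 90-day threshold are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP (RFC 9083) domain responses; names and dates are made up.
SAMPLE_RDAP = {
    "airport-free-wifi-login.example": json.dumps({
        "objectClassName": "domain",
        "ldhName": "airport-free-wifi-login.example",
        "events": [
            {"eventAction": "registration", "eventDate": "2024-06-20T09:15:00Z"},
            {"eventAction": "expiration", "eventDate": "2025-06-20T09:15:00Z"},
        ],
    }),
    "established-airport.example": json.dumps({
        "objectClassName": "domain",
        "ldhName": "established-airport.example",
        "events": [
            {"eventAction": "registration", "eventDate": "2009-03-02T00:00:00Z"},
        ],
    }),
    # Registry omitted the registration event: age cannot be determined.
    "no-events.example": json.dumps({"objectClassName": "domain", "events": []}),
}

MIN_AGE_DAYS = 90  # assumed threshold; the article does not give a number


def registration_date(rdap_json):
    """Return the registration timestamp from an RDAP domain object, or None."""
    doc = json.loads(rdap_json)
    for event in doc.get("events", []):
        if event.get("eventAction") == "registration":
            # Normalise the trailing "Z" so older Python versions parse it.
            return datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    return None


def assess_domain(rdap_json, now, min_age_days=MIN_AGE_DAYS):
    """Classify a sign-in domain as 'alarming', 'established' or 'unknown'."""
    registered = registration_date(rdap_json)
    if registered is None:
        return ("unknown", None)  # no evidence of age: do not treat as trusted
    age_days = (now - registered).days
    return ("alarming" if age_days < min_age_days else "established", age_days)


if __name__ == "__main__":
    now = datetime(2024, 7, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for name, body in SAMPLE_RDAP.items():
        print(name, assess_domain(body, now))
```

A domain's age is only one signal: an "established" result does not prove the portal is legitimate, and an "unknown" result should be handled as cautiously as an "alarming" one.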