The Australian Federal Police have charged a man for setting up fake free WiFi access points in order to steal personal data from people.
The crime was discovered when an airline reported a suspicious WiFi network identified by its employees during a domestic flight.
When the alleged perpetrator landed at Perth airport, his bags were searched and authorities found a portable wireless access device, a laptop, and a mobile phone in his hand luggage.
The police say that the man, 42, used a portable wireless access device to create 'evil twin' free WiFi networks; so called because criminals set up free WiFi access points that mimic the name of legitimate public WiFi networks.
Those details were then allegedly saved to the man's devices.
The email and password details harvested could then be used to access more personal information, including bank accounts, emails and messages, photos and videos, and more.
AFP cybercrime investigators have identified data relating to the use of the alleged fraudulent WiFi pages at airports in Perth, Melbourne and Adelaide, on domestic flights, and at locations linked to the man's previous employment.
The investigation is ongoing but the man can expect to face nine charges for the alleged cybercrime offences.
Cybercriminals favour places where people expect to have free WiFi, such as airports, planes, coffee, shops, and libraries.
The attacker finds the legitimate network name-known as the SSID-and creates an access point with the same name.
Access points and wireless router networks broadcast their SSIDs to identify themselves, but the identifiers are not unique.
Your device can connect to any SSID if the network has no security options enabled, and it will not be able to differentiate between the legitimate and the fake one.
Evil twin attacks are based on the fact that when two networks have the same SSID and security settings, your device will either connect to the one with the strongest signal or the one it sees first.
There are a few things you can do to protect yourself against this kind of attack.
Firstly, do not allow your device to auto-connect to public or unsecure networks.
To connect to a free WiFi network, you shouldn't have to enter any personal details-such as logging in through an email or social media account.
Install a trusted VPN to encrypt the traffic regardless of the network you are using, and even when you're not visiting websites that HTTPS which encrypts the traffic between a browser and the website.
My personal favorite: Use your own personal hotspot.
I use a portable 5G Mifi router, which provides me with reliable high-speed WiFi throughout my domestic journeys.
Settings > Wi-Fi. Tap the next to the network name and then toggle off Auto-Join.
This Cyber News was published on www.malwarebytes.com. Publication date: Mon, 01 Jul 2024 16:43:06 +0000