Have you ever been on your phone and seen a network called “Starbucks” or “McDonalds” pop up, only to connect without thinking about it? If so, you may have just given away your account credentials. This is an example of “phishing” at its finest – the spoofing of access points. A spoofed access point is often called an “evil twin.”
The person who created the fake network can then potentially collect information from any user who logs in, as well as snoop on their internet traffic. In this article, we will discuss how to avoid being fooled by these schemes and what steps you should take to ensure you are connecting to trusted networks.
What can you do to avoid man-in-the-middle attacks from evil twins? Well, according to Titan HQ:
- Always ask the establishment what the name of the official hotspot is. This will prevent you from making incorrect assumptions and choosing a malicious hotspot.
- If the official hotspot you want to connect to has a key, try intentionally typing in the wrong key. If the connection accepts the blatantly wrong key, it is most likely an evil twin.
- Disable the “auto-connect” or “auto-join” functions for saved hotspots for all of your wireless devices. This is good advice period.
- You should also manually disconnect from a hotspot every couple of hours and manually reconnect to your desired hotspot and type in the password to confirm the connection.
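The first tip above (ask the venue which hotspot is theirs) gives you one hard fact an evil twin cannot fake: the hardware address (BSSID) of the real access point. The following Python script, added here as an illustration and not part of the original article or Titan HQ's advice, applies that idea to a constructed Wi-Fi scan. It flags any access point that shares a trusted SSID but is not on the venue-confirmed BSSID allow-list, and any open network whose name is also being advertised with encryption. The SSIDs, BSSIDs and signal values are all constructed sample data; the allow-list is a hypothetical stand-in for what staff would tell you.

```python
"""Flag likely evil-twin access points in a Wi-Fi scan result.

An evil twin advertises the same SSID as a trusted hotspot, so the name alone
cannot tell the two apart. Two things usually do differ: the security type
(a twin is often an open network while the real hotspot uses WPA2/WPA3) and
the access point's hardware address (BSSID). All data below is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ScanEntry:
    ssid: str
    bssid: str       # access point MAC address, e.g. "aa:bb:cc:dd:ee:ff"
    security: str    # "open", "wpa2-psk", "wpa3-sae", ...
    signal_dbm: int  # received signal strength


# Hypothetical allow-list: BSSIDs the venue staff confirmed as their hotspot.
TRUSTED_BSSIDS = {
    "CoffeeShop-WiFi": {"a4:11:6b:01:02:03", "a4:11:6b:01:02:04"},
}

# Constructed scan: two legitimate radios plus an open lookalike with a
# stronger signal, and an unrelated guest network.
SAMPLE_SCAN = [
    ScanEntry("CoffeeShop-WiFi", "a4:11:6b:01:02:03", "wpa2-psk", -55),
    ScanEntry("CoffeeShop-WiFi", "a4:11:6b:01:02:04", "wpa2-psk", -61),
    ScanEntry("CoffeeShop-WiFi", "02:00:00:aa:bb:cc", "open", -40),
    ScanEntry("Guest", "10:20:30:40:50:60", "open", -70),
]


def find_suspicious(scan, trusted=TRUSTED_BSSIDS):
    """Return (entry, reason) pairs for access points worth avoiding."""
    by_ssid = {}
    for entry in scan:
        by_ssid.setdefault(entry.ssid, []).append(entry)

    findings = []
    for ssid, entries in by_ssid.items():
        securities = {e.security for e in entries}
        for entry in entries:
            reasons = []
            # Same name seen both open and encrypted: the open one is the
            # usual evil-twin pattern, since a twin rarely knows the real key.
            if len(securities) > 1 and entry.security == "open":
                reasons.append("same SSID is also advertised with encryption; this one is open")
            # Name matches a trusted hotspot, but the radio is not one the
            # venue told us about.
            if ssid in trusted and entry.bssid not in trusted[ssid]:
                reasons.append("BSSID not in venue allow-list")
            if reasons:
                findings.append((entry, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for entry, reason in find_suspicious(SAMPLE_SCAN):
        print(f"AVOID {entry.ssid} [{entry.bssid}] ({entry.signal_dbm} dBm): {reason}")
```

Run against the sample scan, only the open lookalike is reported; the two venue-confirmed radios and the unrelated "Guest" network pass. The stronger signal of the lookalike is deliberately not used as an indicator, since signal strength depends mostly on where you are standing.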
But what else can you do to protect yourself?
1) Use a VPN – The mobile interface, unlike the desktop version, hides a number of red flags that might indicate a phishing scam. Users on desktops can check the validity of a website address by hovering their cursor over a link to see where it really leads. This is not possible on most mobile devices. A Virtual Private Network (VPN) can help protect you from such hidden threats.
2) Make use of “air-gapped” backups – What’s an air-gapped backup? An air-gapped backup is a backup of your data that is not always connected to the source device, such as your phone. This is an important step in protecting yourself from mobile phishing schemes, as it’s one way to make sure your data is not compromised if you happen to connect to a fake network.
3) Don’t install suspicious apps – This one might sound simple, but scammers work very hard to make sure their “fake” apps look like legitimate apps. If the app is not available in your country’s App Store, it may be suspect. Also, look out for “update” notifications on apps you have already installed. These could indicate new permissions being requested by a fake update in order to get access to more information on your device.
4) Bookmark legit sites – When visiting sites on your phone, once you’ve confirmed a site is legitimate, bookmark it. Scammers frequently manipulate search results, oftentimes leading you to the wrong sites.
5) Employ endpoint protection for your mobile device – This is an important step in safeguarding your device from malware that could be used for phishing schemes. However, don’t trust free solutions on your app store. Connect with a trusted technology consulting source to properly protect your mobile devices.
6) Take part in Security Awareness Training – In general, users should be taught how to spot possible phishing attempts and avoid them. Ongoing training ensures you’re trained to identify the growing range of threats.
What is Security Awareness Training, you may ask? In a nutshell, Security Awareness Training is the process of educating employees about potential cyber threats and how to spot and avoid them.
Phishing schemes are becoming more and more sophisticated as time goes on, so it’s important for users to be aware of these dangers. By following the tips mentioned in this article, you can help protect yourself (and your company) from becoming compromised.
Ready to take part in Security Awareness Training? Simply click this link and reach out to us via our contact form and we’ll get the process started!