Originally published on Medium on July 15, 2022
Author Harriet Kerubo
Growing up, I enjoyed watching Cartoon Network, more so, The Cramp Twins, a story of fraternal twins who were opposite of each other. Or were they? My favorite of the two Cramp brothers was Wayne, the naughty and energetic bully who fears swamps, lol. Well, this is not the evil twin we are talking about today.
Once not too long ago, my friend, who had been working from home for about 6 months, decided to have a change in her work environment. Given that she would need the internet, she conveniently chose a restaurant that provides free WIFI for their guests. She chose to visit a calm and serene restaurant in Westlands where she would sip their infamous fruit punch. When it was her turn to be served, she requested Strawberry punch and the WIFI password, which the server gladly offered.
She was quick to notice the smartly dressed, caramel skin toned, bearded man busy with his laptop at the opposite corner, three tables from hers. His laptop was the exact model and color as hers. I bet in her mind she was happy they were twinning, otherwise, she would not have mentioned that part of the story. He had a perfect smile. This she knew since he smiled at her several times when their eyes locked.
My industrious friend immediately got to work, taking few breaks to check out YouTube videos and her personal email. During her second break, her internet got disconnected, “So much for free WIFI,” she thought. Luckily, almost immediately, she saw two WIFI network names (Known as SSID), both belonging to the restaurant. As anyone else would, she connected to the one that had a stronger signal. Because she was on her third glass of fruit punch, and was craving some food, she logged in to her bank account to make some transfers that would facilitate her restaurant bill. After several hours of good ambience and a peaceful work space, she made her payments online, using her online banking account, and went home feeling full and satisfied with the day.
Few days later, she went shopping. Being as boujee and modern as she is, she does all her payments online or using her credit card. At the counter, she attempted to make payment but her credit card was declined. After several attempts, her face pink with embarrassment, she gave up and went to the bank to find out what the issue was. The shock that she got when she was told that her account was empty, almost gave her a direct ticket to heaven. She said that briefly, she saw the grim reaper waving at her from a close distance. Her bank statements showed that she had made several online transactions, including a vacation to Zanzibar.
Turns out Mr. smartly dressed was a hacker. He sat in the corner and created a WIFI hotspot with the same name as the restaurant, hence the name Evil Twin. That was the hotspot which my friend connected to and unknowingly. Mr. Smartly dressed took complete control of my friend’s WIFI connection. He had created several banking websites that impersonated popular banks in the country. Unfortunately, my friend connected, and logged in to one of these banking websites. During log in, the hacker was able to collect the banking credentials, then redirected my friend to the legitimate banking portal. She had no reason to be suspicious. Mr. Smartly dressed was able to get her banking credentials, and used them later to make transactions that emptied my friend’s bank account.
An Evil Twin is a rogue WIFI access point, that mimics a legitimate WIFI SSID. It is designed to lure you, an unwitting user to login to the rogue access point to a hackers’ advantage. Hackers use Evil Twin attacks to steal sensitive login credentials, which they might use to login to your accounts and conduct fraudulent activities. They may also sell these credentials in the dark web, rendering you a victim of more attacks. The hacker might also capture communications, for example banking transactions and channel the victim’s money to his account instead of the legitimate account. Using a fake portal, they might also steal credit card numbers from unsuspecting users, then purchase products and services online, clearing the victim’s account balance.
This is not to scare you from using public WIFI. Practicing caution and secure online activities will prevent you from all this heartache. Here is what you should do when you connect to public WIFI:
About the Author: Harriet Kerubo is a cyber security analyst with three years of experience in cyber Governance, Risk, and Compliance. She has specialized in information security audit and provides advice on the implementation of information security controls/ best practices.