Jump directly to the content

IPHONE and Android owners have been warned about a vicious Wi-Fi attack that allows hackers to sneak into their social media accounts.

The sinister scheme can catch anyone out when they're trying to connect to free Wi-Fi networks seemingly from restaurants, coffee shops and even from plane when travelling Wi-Fi.

Follow the three important tips below
1
Follow the three important tips belowCredit: Getty

Hackers set-up a fake Wi-Fi network using brand names near legitimate businesses offering Wi-Fi in a bid to dupe them into connecting to it.

Once connected, all the victim's data they share with the network passes through a server controlled by the attacker.

And in some cases they may ask you to sign in using your social media account or Gmail - but doing so just gives away your precious password.

Experts have dubbed the attack as the "evil twin".

Read more about Android

"Unfortunately, evil twin Wi-Fi access points are difficult to detect without specialized sniffing tools," NordVPN says.

"However, some signs may reveal an evil twin attack and help you avoid fishy connections."

(AD) FIND THE BEST BROADBAND WITH USAVE

Searching for the best broadband deal online can be a real hassle.

Save yourself the stress by using usave's comparison tool, which compares tariffs across a wide range of providers.

Click on the link below, and enter your postcode to see what's available in your area.

  • Compare broadband with usave - 

1. Check the network name

Make sure the network name you're attempting to connect to matches the one named by the venue host.

If you see duplicates this could be a sign that someone has set up a fake.

If you're unsure, ask the staff to verify the name of the Wi-Fi network.

2. Watch out for login screens

Some Wi-Fi networks require you to sign up or register.

But they shouldn't ask for lots of personal details - and certainly not financial details.

You shouldn't have to provide a username and password for your social network accounts to gain access either.

"Legitimate networks usually don’t ask for login credentials unless it is a captive portal, for example, in a hotel or airport," NordVPN says.

Google reveals clever trick to prevent thieves from emptying your accounts on the Android 15

3. Keep an eye on the connection

If you're getting error messages while connected to a public network or if it's frequently disconnecting this might be due to an evil twin.

"Such issues may be caused by an attacker trying to intercept or redirect your traffic," NordVPN explains.

How to spot a dodgy app

Detecting a malicious app before you hit the 'Download' button is easy when you know the signs.

Follow this eight-point checklist when you're downloading an app you're unsure about:

  1. Check the reviews - be wary of both complaints and uniformly positive reviews by fake accounts.
  2. Look out for grammar mistakes - legitimate app developers won't have typos or errors in their app descriptions.
  3. Check the number of downloads - avoid apps with only several thousand downloads, as it could be fake.
  4. Research the developer - do they have a good reputation? Or, are totally fake?
  5. Check the release date - a recent release date paired with a high number of downloads is usually bad news.
  6. Review the permission agreement - this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
  7. Check the update frequency - an app that is updated too frequently is usually indicative of security vulnerabilities.
  8. Check the icon - look closely, and don’t be deceived by distorted, lower-quality versions the icons from legitimate apps.

All of this information will available in both Apple's App Store and the Google Play Store.

Topics