It was an early morning at Sydney airport, and I was juggling a bunch of deadlines, a few last minute phone calls and working out where to get a coffee that would cost me less than my last mortgage interest rate hike.
Distracted, I flipped open my laptop to move a bit of money into a different account so I’d have enough cash to pay for said astronomical coffee and a few other things.
I remember the Sydney Airport Wi-Fi login process looking a bit weird. The security question asked simply “Where are you travelling to?” and unthinkingly I typed in “London” and the Wi-Fi connected right away. It did seem odd. Normally you need to tick boxes about consenting to the airport using or not using your information, or to understanding their terms and conditions. Whatever. I was in a hurry and where the hell was that coffee.
A few days after arriving in the UK, I checked my bank statements online and noticed a charge made in the past 24 hours that I didn’t recognise: apparently I’d spent $43.10 on Guzman y Gomez Mexican takeaway. I couldn’t remember a time I’d ever eaten at Guzman y Gomez (no offence – I’m sure it’s great, but I make a mean guac at home) and I certainly hadn’t ordered it while flying thousands of kilometres above the earth.
Confused, I rang my bank. They confirmed that the charge had been made not with a physical card but online.
I remembered the weird Wi-Fi login and the bank staff member agreed that I’d likely the victim of a hack.
“Is this how it usually begins?” I asked. “They charge something small like a fast food restaurant to see how it flies?”
“I haven’t seen this particular retailer before but yes, I’ve seen McDonalds, I’ve seen Kmart,” she replied. “I’d say that’s what’s happening.”
She advised I put a hold on my card to prevent it being used again and then cancel it and get it re-issued once I returned home.
Turns out getting scammed via airport Wi-Fi is remarkably common. You’ve probably had the experience of flipping open your Wi-Fi settings in a strange airport and seeing dozens of options appear, many which look confusingly similar. Perhaps there’s a SYD-AIRPORT but also a SYD-AIRPORT5G and a SYD-AIRPORT-FAST.
Many of these accounts could be what is known as ‘Evil Twin’ scams.
According to identity protection experts Okta, Evil Twin scams in airports (or other public spaces) work when a hacker sets up an account that looks very similar to the airport’s official account. Distracted, tired travellers log into those Wi-Fi accounts in error and unknowingly give away access info (in my case when I typed in the word ‘London’). From there, the hacker could see anything that I did online during that time.
“Customer participation is critical in an evil twin WiFi attack,” according to the Okta folk. It was a good day for that hacker, as I obediently participated.
So what could I have done to better protect myself? First, I should have been much more vigilant about which Wi-Fi I logged into, and been sure that I was only logging in to the official Sydney Airport account (which is, for the record, labelled -FREE SYD WiFi-).
And secondly, no matter how confident I was about my connection, I never should have logged into anything sensitive such as internet banking or anything else that required a password. “Public Wi-Fi ‘hotspots’ in places like cafés, airports, hotels and libraries are convenient, but they can be risky,” according to a spokesperson from the Australian Cyber Security Centre. “It’s easy for information sent using public Wi-Fi to be intercepted, so you need to be careful about what information you send or receive while connected.
“Your internet connection is a way for you to interact with the outside world, but it also provides a channel into your computer. If your internet connection isn’t secure someone may use it to steal your personal or financial information for malicious purposes. Avoid sending or receiving valuable or sensitive information when connected to public Wi-Fi networks.”
Well, I guess I know that now.
Another option worth considering is setting up a high-quality VPN (virtual private network) that would have encrypted my data, making it impossible for a hacker to access even if they’d broken into my system.
You never think a hacker or scammer is going to get you – or at least I don’t. Of course I had a vague idea that public WiFi isn’t watertight, but for the most part I sail through the universe thinking that the world is so jam packed full of data and info, what are the odds that anyone would want mine?
Turns out that this is exactly the attitude that will get you hacked, and a hacker a nice feast of burritos at Guzman y Gomez. Now I just have to hope that my hack doesn’t escalate beyond that.
Click Here For The Original Source.
