Man Accused of Stealing Airline Passengers’ Personal Information by Using ‘Evil Twin’ Wi-Fi Scam on Flight — How to Protect Yourself (And Your Money)

Businessmen work on their wireless devices during a flight.

DC_Studio / Envato

While we adhere to strict editorial guidelines, partners on this page may provide us earnings.

Joe Cortez

Updated Sep 26, 2024

Joe Cortez

Updated Sep 26, 2024

Imagine rolling into an airport, trudging your way through security and navigating a labyrinth of gift shops before finding your gate, boarding your flight and sinking into your assigned seat. After settling in, your next step may be to whip out your phone and access the free Wi-Fi. Only this time, the signal isn’t a legitimate connection and your personal information has been swiped.

This may have been the case in Australia, where authorities arrested and charged a 42-year-old man in May for allegedly establishing fake free Wi-Fi access points that mimicked legitimate networks to record personal information from victims who mistakenly connected to them. The news came after an investigation was launched in April following an airline’s report of a suspicious Wi-Fi network identified by employees during a domestic flight.

Such activity — when a bad actor sets up an imposter internet connection to gain access to sensitive data — is known as an “evil twin” Wi-Fi attack. It’s not just your email and social media connections that could be at risk. A hacker engaging in this type of activity may also be able to steal sensitive financial data and other information that could be used to steal your identity.

“It’s extremely easy,” Adrianus Warmenhoven, a Nord VPN security adviser, told NBC Bay Area.

Although the idea of getting your information stolen from a Wi-Fi connection is terrifying, you have more control over your identity than you realize. Experts say the best way to protect yourself from an evil twin attack is to know the signs and prevent it before it even happens.

Why evil twin attacks are successful

Police allege the man used a portable wireless device to create evil twin Wi-Fi networks at multiple locations. These attacks commonly occur at places we connect to Wi-Fi, such as coffee shops and airports, because users trust that their devices are safe there. So comfortable are people when visiting these places, they often don’t think twice about connecting to the internet.

That’s where the danger begins. According to NordVPN, an attacker who wants to get your information will set up their own hotspot with a similar or identical name as the authentic access point — thus becoming the “evil twin.” From there, they count on users connecting to the imposter signal.

Once connected, a user’s activity can be monitored and recorded. If you were to connect to a social media account, then check a transaction at the bank, followed by texting a family member, the attacker may be able to see all of that, and now they have several pieces of personally identifiable information about you. This information can be used to break into your financial accounts or be put up for sale on the “dark web.”

Invest in real estate without the headache of being a landlord

Imagine owning a portfolio of thousands of well-managed single family rentals or a collection of cutting-edge industrial warehouses. You can now gain access to a $1B portfolio of income-producing real estate assets designed to deliver long-term growth from the comforts of your couch.

The best part? You don’t have to be a millionaire and can start investing in minutes.

Learn More

Safeguarding yourself from an attack

While evil twin attacks are a real threat, there are steps you can take to prevent yourself from becoming a victim. The first thing to do is be aware of your digital surroundings and always double check a network ID matches the one named by the venue. It may also be wise to disable auto-connect for networks or even turn off the Wi-Fi feature on your phone or laptop when you’re not using it.

If you don’t recognize the login process for a network you are used to connecting to, might not be legitimate. Ask an employee to confirm if you suspect anything. A legitimate network won’t ask you to log in using your email or social media accounts to access the internet.

In addition, using different passwords for different websites can help reduce your overall risk of having sensitive information stolen. It’s also a good idea to use multifactor authentication where available.

Should you suspect that you’ve been a victim of an evil twin attack, the first step is to disconnect from the network immediately. Change any affected passwords to help prevent unauthorized access to your personal accounts. It’s also a good idea to monitor your accounts for any suspicious activity afterward, just in case.

The richest 1% use an advisor. Do you?

Wealthy people know that having money is not the same as being good with money. Advisor.com can help you shape your financial future and connect with expert guidance . A trusted advisor helps you make smart choices about investments, retirement savings, and tax planning.

Try it now

Joe Cortez Freelance contributor

Joe Cortez is a freelance contributor to Moneywise.

Explore the latest articles

5 money moves for 2025

It's never too late to get started

Em Norton Staff Writer

Rashida Tlaib blasts Congress for war funding

Vishesh Raisinghani

Bill Gates Still Regrets Dropping Out of Harvard

Victoria Vesovski

Musk says he'll run 'DOGE dividend' past Trump

Jing Pan

Disclaimer

The content provided on Moneywise is information to help users become financially literate. It is neither tax nor legal advice, is not intended to be relied upon as a forecast, research or investment advice, and is not a recommendation, offer or solicitation to buy or sell any securities or to adopt any investment strategy. Tax, investment and all other decisions should be made, as appropriate, only with guidance from a qualified professional. We make no representation or warranty of any kind, either express or implied, with respect to the data provided, the timeliness thereof, the results to be obtained by the use thereof or any other matter. Advertisers are not responsible for the content of this site, including any editorials or reviews that may appear on this site. For complete and current information on any advertiser product, please visit their website.

†Terms and Conditions apply.

This is an exclusive story from our newsletter — subscribe for more

'It's extremely easy': Man accused of stealing airline passengers' personal information by using 'evil twin' Wi-Fi scam on flight — how to protect yourself (and your money)