'It's extremely easy': Man accused of stealing airline passengers' personal information by using 'evil twin' Wi-Fi scam on flight — how to protect yourself (and your money)

Such activity — when a bad actor sets up an imposter internet connection to gain access to sensitive data — is known as an “evil twin” Wi-Fi attack. It’s not just your email and social media connections that could be at risk. A hacker engaging in this type of activity may also be able to steal sensitive financial data and other information that could be used to steal your identity.

“It’s extremely easy,” Adrianus Warmenhoven, a Nord VPN security adviser, told NBC Bay Area.

Although the idea of getting your information stolen from a Wi-Fi connection is terrifying, you have more control over your identity than you realize. Experts say the best way to protect yourself from an evil twin attack is to know the signs and prevent it before it even happens.

Why evil twin attacks are successful

Police allege the man used a portable wireless device to create evil twin Wi-Fi networks at multiple locations. These attacks commonly occur at places we connect to Wi-Fi, such as coffee shops and airports, because users trust that their devices are safe there. So comfortable are people when visiting these places, they often don’t think twice about connecting to the internet.

That’s where the danger begins. According to NordVPN, an attacker who wants to get your information will set up their own hotspot with a similar or identical name as the authentic access point — thus becoming the “evil twin.” From there, they count on users connecting to the imposter signal.

Once connected, a user’s activity can be monitored and recorded. If you were to connect to a social media account, then check a transaction at the bank, followed by texting a family member, the attacker may be able to see all of that, and now they have several pieces of personally identifiable information about you. This information can be used to break into your financial accounts or be put up for sale on the “dark web.”

Safeguarding yourself from an attack

While evil twin attacks are a real threat, there are steps you can take to prevent yourself from becoming a victim. The first thing to do is be aware of your digital surroundings and always double check a network ID matches the one named by the venue. It may also be wise to disable auto-connect for networks or even turn off the Wi-Fi feature on your phone or laptop when you’re not using it.

If you don’t recognize the login process for a network you are used to connecting to, might not be legitimate. Ask an employee to confirm if you suspect anything. A legitimate network won’t ask you to log in using your email or social media accounts to access the internet.

In addition, using different passwords for different websites can help reduce your overall risk of having sensitive information stolen. It’s also a good idea to use multifactor authentication where available.

Should you suspect that you’ve been a victim of an evil twin attack, the first step is to disconnect from the network immediately. Change any affected passwords to help prevent unauthorized access to your personal accounts. It’s also a good idea to monitor your accounts for any suspicious activity afterward, just in case.