Access Point Spoofing: How scammers steal money using free Wi-Fi in airports. Stay alert to protect your personal information and finances while traveling.

FREE, BUT VERY VULNERABLE

Sitting in a café while waiting for your flight at the airport or logging miles on a treadmill at the gym, it’s very convenient to stay updated and connect on social media using free internet access provided by many organizations, commonly known as Wi-Fi. However, this is far from safe—you could inadvertently connect to an illegal channel created by criminals disguised as a legitimate access point.

The airport administration of Sheremetyevo recently issued a warning about the dangers through their social media channel.

So, what exactly is the danger, and how real is it?

- Generally, free internet in public places is very vulnerable, - said Alexander Tokarenko, a member of the Association of Information Security Service Leaders, to KP.RU. - This type of fraud, where a false access point is created disguised as a legitimate one, has been around for about 15 years. Through it, criminals can intercept passwords and personal data. Some channels, like Telegram, are relatively secure, as information is transmitted in an encrypted format. But when you use regular internet access via free Wi-Fi, the information is exposed. If it passes through a fraudulent network, it can be tracked, recorded, analyzed, and your data can be compromised.

Free internet in public places is very vulnerable

Photo: Shutterstock.

THE TECHNOLOGY OF DECEPTION

In practice, it looks like this.

- For example, you’re at the airport entering the access code for your mobile banking app, - the expert explains. - You press the numbers, and see asterisks on your screen. But if you’re connected to a fraudulent network, its operator sees not asterisks, but the actual password numbers and the specific bank. All of this is “linked” to your phone, which you enter to authenticate in the fraudulent network, believing it to be legitimate.

But isn’t there identification in banking apps that tracks the correspondence between the mobile phone and the password—how do the scammers bypass this?

- It’s not a problem for them, - says Tokarenko. - They can use a commonly employed tool among scammers—the number spoofing function. Whether a banking security program will expose such a maneuver is a big question. You won’t even know when the criminal accesses the bank, supposedly from your phone, and provides your password.

This won’t happen right on the spot—typically, there’s no personal surveillance of a specific individual in real-time, but rather a large array of users is analyzed, their actions are monitored, and then suitable victims are selected.

However, if double authentication is provided, meaning not only through a password but also via an SMS message from the bank, it will be more challenging to deceive the security: the SMS will come to the actual number, not a duplicate.

Double authentication is a good defense against scammers

Photo: Shutterstock.

Another danger of a fraudulent access point is that various phishing links may be sent to your mobile device. Clicking on them could grant criminals access to the information stored on your device. For example, links to sites with free movies—this type of entertainment is very popular among passengers waiting for their flights.

SECURITY WON’T PROTECT YOU

What about the airport security service—how do they allow cybercriminals to infiltrate? To set up an illegal access point, you don’t need to bring bulky equipment into the airport; a smartphone or laptop is sufficient, the expert states. This device can serve as a Wi-Fi access point.

But the device already has a designation set by the manufacturer; how can it be transformed to have the name of Sheremetyevo? It turns out, that’s not a problem either.

- There are special programs that allow you to distribute Wi-Fi under another name—at least the name of the airport or hotel, adding some attractive word, such as free, - Tokarenko explains.

There are special programs that allow you to distribute Wi-Fi under another name, adding some attractive word, such as free

Photo: Shutterstock.

However, not many users can connect to a phone or tablet at once, for instance, only 5-7. How do scammers ensure a broader reach?

- There’s also special software that allows increasing the number of users, - says Tokarenko.

HOW TO PROTECT YOURSELF

- Find out the official name of the network—it’s usually displayed prominently. If it’s not there, ask an employee.

- When making payments, it’s better to switch to your mobile internet, and generally, it’s safer to use your own SIM card.

- In places with free Wi-Fi, maintain information hygiene—avoid unfamiliar websites and do not share your personal data.

- For payments through mobile banking in areas with free internet, it’s advisable to use an account with a minimal amount of money, the loss of which won’t significantly impact your budget.