The ease of creating a fake hotspot is one reason fraudsters keep doing it. "There are freely available tools that allow someone to easily turn their laptop into a Wi-Fi hotspot," says Gary Davis, chief consumer security evangelist for Intel Security.
The other is that we keep falling for it. "There are so many free public Wi-Fi locations that users have become too comfortable joining them," says Irvine.
It's become such a part of our daily lives -- especially if we travel and are always looking for free Wi-Fi -- that we don't always question whether a network, especially one with a name related to a specific event, is there for any reason other than to make our lives more convenient. Time is a factor, too: we don't think we have enough of it to check, especially if we're trying to log on before going on to a zillion other things. "We are always in a hurry and often don't take the time to consider if a Wi-Fi is malicious or fake. We tend to click on the top free link," says Davis.
Here's what hackers are after if they get you to hook into their fake Wi-Fi network: Everything.
"First, hackers perform Man in the Middle (MitM) attacks, which allows them to copy 100 percent of all traffic that goes from the devices to and from the Internet," says Irvine. "Although some of this traffic may be encrypted if the user is using HTTPS when connecting to websites, much of the data is still readable."
Once in, they can do just about anything. "They can also use the connection to tunnel into your device to access files, drop malware and other bad things," says Davis.
From there, the world is their oyster, says Orlando Scott-Cowley, cyber strategist for Mimecast. "Your personal information, the services and apps you use and the types of devices you use are all easily detected during these attacks." And once they have this information, they have the keys to your kingdom - and will sell them to anyone who will pay enough to own them.
Just consider what Avast found out while using its fake Wi-Fi hotspots: 38.7 percent of users had Facebook or the Facebook messaging app, 13.1 percent accessed Yahoo Mail, 17.6 percent checked Gmail, and 13.8 percent used chat apps like WhatsApp, WeChat or Skype. If the hack had been real, scammers would have gained access to any of those systems (.24 percent of users also logged into porn sites).
That's bad for you, but the stakes get even higher if you're on a work device and have sensitive information stored there.