How do freelancers fall victims to evil twin attacks?
Freelancers, amongst other professionals, are most likely to get trapped by evil twins because they love working from ‘anywhere’ and handle huge amounts of client data. They work with companies from distinct regions of the world, sign contracts, communicate through unencrypted platforms, and most importantly, connect their devices to ‘free’ Wi-Fi access points. These are weak networks and have thousands of active users all the time, half of which are there to only monitor other users’ online behavior and snap the thread once they sniff sensitive information. Public Wi-Fi networks, especially open platforms, become the biggest source of the ransomware, adware, and spyware.
What do Evil Twin Attackers do?
Once evil twin attackers obtain sensitive data, they choose to misuse it for countless illegal and unethical purposes. Here is what they can do to your data and identity.
⦁ They can plant malware in your laptop, get hold of your client’s data, block access for you or your client, reach out to the client directly, threaten and demand a ransom. Not only this, they can impersonate your digital identity and blackmail your client.
⦁ Cyberattackers who want to cause you serious financial damage can extract financial information from your freelance portals or your banking website. They can then choose to withdraw money, make hefty purchases using your credit card number and CVV, subscribe to premium services, apply for loans, and open bank accounts.
⦁ If a company has provided you access to their official employee portal and you end up leaking your credentials in a data breach, the attacker can view your personal and professional information, view the job roles of your team members, expose your user IDs and passwords on open platforms and sell your company’s data on the dark web or to third-party advertisers.
⦁ When you access email accounts on a public account without a VPN, an intruder or network manager can read your emails and view your attachments. So if you have a spreadsheet that contains your partners’ information, the salaries and contact numbers of your employees, and their banking credentials, your freelancing career can soon turn into a nightmare.
⦁ Hackers only need some parts of your digital footprints with your online identity to initiate and fund serious terrorist activities. So after blocking access to your social media account, you can expect the hacker to either cyberstalk other victims, cyberbully different geographic and diverse ethnic groups, register on adult websites and subscribe to other dangerous platforms.
Protect Yourself from Evil Twin Attacks
While public Wi-Fi networks are vulnerable and can introduce you to serious cyberthreats, freelancers can not completely ditch them for they come in handy for urgent tasks. But there are certain cybersecurity standards you can follow and develop internet browsing habits to protect yourself from evil twin attacks and data breaches. Here are 6 steps you can take today to protect yourself from Evil Twin attacks and other cyberthreats
Verify Credentials when using Public Wi-Fi.
Shopping malls, public libraries, and airports usually display their Wi-Fi credentials on LEDs, billboards or noticeboards. Hotels and restaurants provide the login details in black and white: either on the welcome brochures or menu cards. When you scan for a Wi-Fi network, match the SSID (the network name) with the one provided by the organization’s representatives. Make sure it’s an accurate match. Don’t disconnect even if there are minor uppercase and lowercase alphabet differences. This is the fastest method evil twin attackers use to trick users, who trust the similar SSIDs and end up connecting their device to a cybercriminal’s server.
Avoid Using Open Wi-Fi Networks.
Do not use open Wi-Fi networks even if you wish to simply browse and kill time. Your mobile devices or laptops might have sensitive files and folders that might not access at the very moment. However, if an attacker gets into your device and plants malware, he can virtually follow you everywhere even after leaving the venue.
Use the Right Cybersecurity Tools.
If you are a freelancer, prevention is definitely better than risking your reputation and losing clients. Install and activate these cybersecurity tools today to secure your identity and data:
Virtual Private Network is a secure tunnel created on a conventional network with the intent to encrypt online traffic exchanged between a device and web servers. VPN masks IP Address and prevents potential data breaches because no intruder, internet service provider or tracker can monitor your online activity. But choosing a VPN for cybersecurity reasons can be tricky. Many free services claim to protect user data but store and sell it to third parties to generate revenue. When subscribing to a service, make sure to check certain factors such as the location of the datacenter, simultaneous connections, kill switches, zero-logging policy, and encryption standards. The best VPN service provider will always utilize 256-bit AES technology, will be based in a safe jurisdiction and will never show advertisements.
Antivirus programs provide device-level security by blocking ads, automatically scanning for malware, and notifying users of excessive battery or data consumption. The best antivirus program will always generate reports about potential data leaks, scan Wi-Fi programs before the device establishes a connection and will not show ads. Most antivirus programs seek permissions to access storage, contacts, email accounts, gallery, messaging apps, microphone and camera; this is logically acceptable since this access permission enables them to run an effective scan process. Similar to a VPN service provider, investing in a free antivirus program can be critical for your data.
⦁ Secure Email Provider
Use a secure email provider which offers end-to-end encryption for emails and subject lines when in transit or at rest. Doing so will prevent unauthorized access to your communication messages and email attachments when you exchange them via email. If you are using Gmail, which is a partially secure email platform because of its limited TLS encryption, make sure to at least complete the security checklist available in your account dashboard. You can check independent review websites like Techradar or Reddit to gain an understanding of how different secure email providers work.
⦁ Password Managers and 2 Factor Authentication Apps
Password management is a key step to maintain online privacy and safety. These third-party apps tend to simplify the user experience by creating unique and complex passwords, changing them after regular intervals, notifying users of potential security compromises, and auto-filling passwords upon user directives. While most platforms already provide built-in 2FA features, you can choose third-party apps like Twilio Authy for biometric verification.
Be Careful on Public Wi-Fi.
Digital experts suggest freelancers avoid working on public Wi-Fi networks altogether. But this urgency strikes and you have to rely on a free Wi-Fi service, do not ever access your banking websites and digital payment platforms on these networks because any intruder can plant malware and cause serious financial damage to you, your clients, or partner freelancers associated with your business. Also, refrain from logging in to personal social media and professional platforms like LinkedIn because these accounts are the honeypots for cyberstalkers.
Disable Auto Connect Feature
Most devices have an auto-connect feature that lets users automatically connect to a certain Wi-Fi network when connectivity is strong. When using public Wi-Fi, make sure to disable this feature altogether, or from the settings of this particular free Wi-Fi. Doing so will prevent the network signals from chasing you and if you have accidentally connected to an evil twin of the legit connection, disabling auto-connect will at least block this fake connection from reaching your home.
Only Access HTTPS Websites
HTTPS indicates that a particular website is secure. Most websites have a lock at the beginning which is again, the indication of the website’s security. In case you stumble on a list of websites that only have “HTTP” before the main URL, do not open those links because they are potentially harmful and can store malicious cookies on your device to track your future online behavior. Similarly, if a website shows you an error message (which is usually a DoS attack), do not get diverted to another network with the same name since that could be a trap.
Not all intruders choose to cause short-term financial or ethical damage. Some may sniff data packets for research purposes or collect bulk digital footprints, process and use the analytics for marketing purposes. In any case, data leaks can be tremendously harmful and injurious. Evil Twin Attacks can have far-reaching effects and may pose more threats than meet the eye. However with the right tools by your side and information management habits, you can build a strong resistance against such attacks and protect your data and reputation in the freelance world.