A similar point: how scammers cheat with public Wi-Fi
In social networks of Sheremetyevo airport reminded of the need to use only the official Wi-Fi point of the air terminal. Earlier it was reported that in this air harbor fraudsters steal Telegram accounts using public Wi-Fi. Experts told Izvestia how open networks can be dangerous and how to protect your data from fraudsters who give away the Internet for free.
How fraudsters use Wi-Fi in Sheremetyevo
About attackers who can operate on the territory of the airport, warned in social networks Sheremetyevo.
"The free _Sheremetyevo Wi-Fi network operates on the entire territory of the airport. Authorization of users in it is carried out by cell phone number. Do not connect on the territory of Sheremetyevo to networks with other names. When connecting to public Wi-Fi networks, do not send authorization data from social networks," the message says.
Earlier it was reported that at the airport found a free Wi-Fi access point, with the help of which fraudsters stole the accounts of visitors to Sheremetyevo. In the waiting room passengers connected to the access point SVO_Free, which offered to go through the authorization procedure through Telegram, namely with a six-digit combination from the history of correspondence with the service bot, which was actually the access code to the account.
Sheremetyevo airport did not answer Izvestia's question about what the new warning was related to and whether many similar facts have been recorded.
Do fraudsters often use Wi-Fi
Mikhail Sergeev, a leading engineer at CorpSoft24, notes that open Wi-Fi points were especially dangerous in the 2000s, when the http protocol was used almost everywhere.
- But now almost all services, sites and applications work through the ssl protocol and transmit data in encrypted form. A point cannot intercept the password from Telegram, as it is transmitted in encrypted form, all messages and all traffic in general are encrypted," he said. - If even theoretically imagine that an attacker has the password to your account, the Telegram security system will require you to receive an SMS to your phone number or confirm your login on another device that is already authorized.
Mikhail Sergeev called what was happening at Sheremetyevo airport a regular phishing, when the user himself gives the password and code to some site that is loaded when connecting to the point.
Alexei Drozd, head of the security department of SerchInform, also points out that fraudsters are now less likely to use fake Wi-Fi points, although there is no exact data on this matter.
- "I think that scammers have switched to easier and safer ways of working," he told Izvestia. - Nevertheless, one should always beware of publicly available networks. After all, fraudsters can be anywhere, even on an airplane. Such a case was last year in Australia - a man created fake Wi-Fi hotspots right on board an airplane.
Last year, American Forbes conducted a study and found that four out of ten users had their data compromised while using public Wi-Fi. The most common data breaches occurred when connecting to an open network in cafes, airports or hotels.
How fraudsters are using Wi-Fi
Alexander Vurasko, development director of the Solar AURA (Solar Group of Companies) external digital threat monitoring center, said that the main task of attackers in this case is to intercept valuable information.
- Now it is not so easy to do it, as most services use some encryption mechanisms, but it is still possible to get something," emphasized the Izvestia interlocutor. - When a person connects to an illegitimate Wi-Fi network, all his Internet traffic starts to go through the attackers' device. It can be analyzed at once, but it is easier to save it, come home and try to pull out passwords and other information that was transmitted in unencrypted form.
According to him, fraudsters can spoof DNS and redirect user requests from a particular site to a phishing portal.
- If it's a network without encryption, where you don't need to enter a key to connect, then a lot of possibilities open up: the data exchange between your device and the Wi-Fi access point will be unencrypted," he said.
The scheme used by the fraudsters in Sheremetyevo is as simple and "elegant" as possible, the expert said: instead of a site for registration, a person gets to a phishing resource. And few people read the message with the code - they just enter the numbers.
Dmitry Galov, head of Kaspersky GReAT in Russia, notes that attackers can create fake Wi-Fi access points with a name that even coincides with the name of the real access point in the same location - a cafe or other public place, and users mistakenly connect to such a "double".
Can fraudsters be identified by Wi-Fi point?
Mikhail Sergeev notes that the Wi-Fi point is connected to the Internet provider, so law enforcement agencies can track who the account is registered to and find the owner.
- Inaddition, there are a lot of surveillance cameras nowadays, and it is quite difficult to set up an access point somewhere and remain unnoticed," the expert believes.
However, this point can also be an ordinary smartphone, says Alexander Vurasko.
- Some person with a smartphone in his pocket or a laptop in his backpack walked around the airport for half an hour and collected accounts during that time. Who's that in the crowd? He doesn't show himself in any way," the expert said. - Of course, there is direct human involvement here: someone must be in the right place. Although there are options here as well. Especially since people realize what has happened when the attackers are most likely no longer around.
How to distinguish good Wi-Fi from bad
Mikhail Sergeev emphasizes that there is no such thing as good or bad Wi-Fi.
- You can lose your account or money using good Wi-Fi," he said. - First of all, you should be vigilant when using any network - you may be lured to a fake site. Always check in the address bar for the domain you are visiting. Attackers can use similar ones: for example, instead of gosuslugi.ru - guslugi.ru.
Alexei Drozd also urges to pay attention to the procedure for getting access - a good Wi-Fi will not ask for a code from social networks or the portal "Gosuslugi", will not send a link to connect to the messenger. Do not access Wi-Fi and through authorization in social network accounts - you can show the fraudster credentials.
- You can rely on the authorization page, 2FA, respected name, etc. But this has all been spoofed long ago and successfully. Sometimes dishonest Wi-Fi looks better than trustworthy Wi-Fi," Igor Bochkarev, co-owner and executive director of Open Solutions LLC, noted. - The best thing is not to use unknown Wi-Fi hotspots at all.
If there is no possibility not to use an open network, it is better to use a VPN to hide your traffic from the provider and intruders as much as possible, the expert said.
Dmitry Galov notes that in addition to encrypting traffic from phishing resources, users can be saved by security software - it will warn if a person tries to go to a fake page.
-It is important to combine technical solutions with constant improvement of digital literacy and follow basic security rules: make sure that you connect to an official Wi-Fi point, deactivate the function of automatic connection to public Wi-Fi points by default," he said. - And if you are asked to enter confidential data to connect, including access codes to log in to messenger accounts, that's a reason to be wary.
Переведено сервисом «Яндекс Переводчик»
