How to Tell If You Logged Into Your Bank on a Fake Wi-Fi Hotspot

    There you are, enjoying a coffee at your favourite cafe, and you spy free Wi-Fi! You connect, do a bit of online banking, and then get on with your day. But what if that Wi-Fi wasn't legitimate? What if it was an "Evil Twin" hotspot, set up by a scammer to steal your information?

    If you've entered your banking details into a website or app while connected to an unfamiliar Wi-Fi network that you now suspect was fake, assume your credentials have been captured. Take immediate action to protect your accounts.

    Recognising a Fake Wi-Fi Hotspot

    Evil Twin hotspots are designed to look like legitimate public Wi-Fi networks. They often have very similar names to the real network (e.g., "Cafe_Free_Wifi" instead of "Cafe Free Wifi"). Scammers set these up to intercept your internet traffic, especially when you log into sensitive accounts like your bank.

    • The Wi-Fi network name (SSID) is slightly different from what you'd expect.
    • You're asked to sign in or provide personal information immediately after connecting, even before opening a web browser.
    • The connection is unusually slow or unreliable.
    • Your phone or computer warns you about an untrusted certificate when you try to access a secure website (websites starting with "https://").

    Signs You May Have Logged In On a Fake Hotspot

    It can be tricky to tell if you've been caught by an Evil Twin. Beyond the signs of the hotspot itself, there are clues to look for if you've already used your banking app or website while connected to public Wi-Fi.

    • You were redirected to an unexpected login page that looked slightly off or had a different web address.
    • The banking app or website behaved strangely, like showing errors or not loading correctly after you entered your details.
    • You didn't receive a usual two-factor authentication (2FA) prompt, or the prompt looked suspicious (e.g., unexpected SMS message or app notification).

    Checking Your Bank Accounts for Suspicious Activity

    The most important step is to scrutinise your bank accounts for any transactions you don't recognise. Scammers work quickly, so act fast.

    • Log in to your online banking through your bank's *official* app or website (always type the address directly or use a saved bookmark, don't click links).
    • Check your transaction history thoroughly for all accounts, including savings and credit cards.
    • Look for small, unusual transactions; scammers often test stolen details with tiny purchases first.

    What to Do Immediately: Assume Your Details Are Stolen

    If you suspect you've logged into your bank on a fake Wi-Fi, you must assume your login details are compromised. Taking swift action can prevent significant financial loss.

    • Change your online banking password immediately. Choose a strong, unique password.
    • Enable or strengthen two-factor authentication (2FA) on your banking accounts. This often involves codes sent to your phone or generated by an app.
    • Contact your bank's fraud department. Explain what happened and ask them to monitor your accounts for suspicious activity.
    • Consider placing a temporary lock or freeze on your cards if your bank offers this feature, especially if you see unusual transactions.
    • If you use the same password for other online services, change those too. This is why having unique passwords for each service is important.

    Protecting Yourself from Evil Twin Hotspots

    Prevention is always better than cure. By being a little more cautious, you can significantly reduce your risk of falling victim to these scams.

    • Avoid logging into sensitive accounts, especially banking, while using public Wi-Fi.
    • Use your phone's mobile data (3G/4G/5G) for banking or other sensitive activities when you're out and about.
    • If you must use public Wi-Fi, use a reputable Virtual Private Network (VPN). A VPN encrypts your internet traffic, protecting it from interception.
    • Always check the website address. Ensure it starts with "https://" and there's a padlock icon in your browser's address bar. For banking, make sure the domain name is exactly correct (e.g., "yourbank.com.au").
    • Disable automatic Wi-Fi connection on your devices so you can manually review networks before joining them.

    Key takeaway

    Falling for an Evil Twin Wi-Fi hotspot can be a scary experience, especially when it involves your bank. Remember, if you suspect your banking details have been compromised, act quickly by changing passwords and contacting your bank. By staying vigilant and using secure connections, you can protect your financial information and peace of mind.

    More from Network Security

    No image

    How to Use Email and Social Apps Safely on Public Wi-Fi

    Reduce the chance of repeat exposure on public networks.
    No image

    How to Recover Email and Social Accounts After an Evil-Twin Wi-Fi Login

    Reset access on each affected account from a clean device.
    No image

    How to Tell If Your Email or Social Login Was Captured on a Fake Wi-Fi

    You signed into email or social on a fake hotspot — those credentials should be considered stolen.