11-28-2011 10:29 PM
Good day everyone.
Thank you for help with my previous question. I have another so bear with me - I heard that there is such a thing as 'evil twin phishing', and while I have some idea of what phishing means, I am worried about this 'evil twin thing' more as I travel quite a bit and sometimes use free wi-fi available at cafes and stores.
How can I be sure that whatever network I am trying to log into is safe from this evil twin thing? In the first place, can smartphones even get virus attacks??
Thank you in advance.
Solved! Go to Solution.
11-29-2011 02:25 AM
The "Evil Twin" is another name for Wi-phishing. Similar to the other type of phishing scam, it is a process in which individuals spoof wireless networks in order to trick users into sharing information such as credit card numbers. This attack relies on social engineering and human error to be successful.
For example, a wi-fi hot spot such as a restaurant, coffee shop, or airport uses a wireless service provider that charges a connection fee. To connect, you must provide a credit card number and certain other information. In this type of phishing, The “Evil Twin” pre-empts the hotspot's wireless signal with one of his own. He spoofs the legitimate network name, and replaces the registration or login page with a look-alike. The innocent customer ends up sharing information with the spoofer, rather than the hotspot provider. This enables “Evil Twin” to control the situation enough to redirect the customer to other fraudulent pages.
As mentioned in the article here:
Nearly all smartphones are now equipped with WiFi functionality, making them highly vulnerable to attacks. There are various tools available that allow even the least talented hacker to exploit WiFi hotspots and intercept Web traffic.
In addition, one of our panelists has an article on smartphone security here:
In order to avoid this type of phishing scam:
* Use a strong personal firewall and good realtime malware protection.
* Be sure that you are logging into a legitimate hotspot network. Check with the provider to confirm the network name and login page appearance.
* Use passwords on only web sites that have a Secure Sockets Layer (SSL) key at the bottom right of the Web browser.
* If on a laptop and your operating system offers an auto connect feature make sure it is disabled.
* Do not use unsecured applications such as e-mail or instant messaging while at hot spots. Use hot spots for Web surfing only. Avoid making online purchases or any other financial transactions that require account numbers and passwords. These are risky and should be done on a secure network.
* Do not give away your credentials or credit card information unless you are absolutely sure that it is not a trap.
If you find a post helpful and it answers your question, please click the "Accept As Solution" button.
Microsoft MVP - Consumer Security
Member of Alliance of Security Analysis Professionals
12-01-2011 09:13 AM