What is 'evil twin phishing'? How do I protect my system from such attacks?
What is 'evil twin phishing'?
How can I be sure that whatever network I am trying to log into is safe from 'evil twin phishing'?
The "Evil Twin" is another name for Wi-phishing. Similar to other types of phishing scams, it is a process in which individuals spoof wireless networks in order to trick users into sharing information such as credit card numbers. This attack relies on social engineering and human error to be successful.
For example, a Wi-Fi hot spot such as a restaurant, coffee shop, or airport uses a wireless service provider that charges a connection fee. To connect, you must provide a credit card number and certain other information. In this type of phishing, the “Evil Twin” pre-empts the hotspot's wireless signal with one of his own. He spoofs the legitimate network name and replaces the registration or login page with a look-alike. The innocent customer ends up sharing information with the spoofer rather than the hotspot provider. This enables the “Evil Twin” to control the situation enough to redirect the customer to other fraudulent pages.
Nearly all smartphones are now equipped with WiFi functionality, making them highly vulnerable to attacks. There are various tools available that allow even the least talented hacker to exploit WiFi hotspots and intercept Web traffic.
* Use a strong personal firewall and good realtime malware protection.
* Be sure that you are logging into a legitimate hotspot network. Check with the provider to confirm the network name and login page appearance.
* Use passwords only on web sites that have a Secure Sockets Layer (SSL) key at the bottom right of the Web browser.
* If you are on a laptop and your operating system offers an auto connect feature, make sure it is disabled.
* Do not use unsecured applications such as e-mail or instant messaging while at hot spots. Use hot spots for Web surfing only. Avoid making online purchases or any other financial transactions that require account numbers and passwords. These are risky and should be done on a secure network.
* Do not give away your credentials or credit card information unless you are absolutely sure that it is not a trap.
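
As an added example (not part of the original answer), the "confirm the network name" check can be partly automated by comparing a Wi-Fi scan against access point addresses (BSSIDs) obtained from the provider. The scan text and the `KNOWN_BSSIDS` list below are constructed sample data, in the shape of `nmcli -t -f SSID,BSSID,SECURITY,SIGNAL dev wifi list` output. A BSSID can be cloned, so a clean result is a hint, not proof.

```python
import re
from collections import defaultdict

# Constructed sample scan: terse nmcli output separates fields with ':'
# and escapes literal colons inside a field as '\:'.
SAMPLE_SCAN = r"""
CoffeeShop_WiFi:AA\:BB\:CC\:00\:00\:01:WPA2:62
CoffeeShop_WiFi:AA\:BB\:CC\:00\:00\:02:WPA2:48
CoffeeShop_WiFi:DE\:AD\:BE\:00\:00\:99::88
Airport_Free:11\:22\:33\:00\:00\:01::70
"""

# Assumption: BSSIDs the hotspot provider confirmed for its network name.
KNOWN_BSSIDS = {"CoffeeShop_WiFi": {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"}}

def parse_scan(text):
    """Turn terse scan lines into dicts, honouring the '\\:' escape."""
    rows = []
    for line in text.strip().splitlines():
        fields = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        if len(fields) != 4:
            continue  # skip lines that do not match the expected shape
        ssid, bssid, security, signal = fields
        rows.append({"ssid": ssid, "bssid": bssid.upper(),
                     "open": security in ("", "--"), "signal": int(signal)})
    return rows

def find_suspects(rows, known):
    """Flag access points that look like a twin of a known network."""
    by_ssid = defaultdict(list)
    for r in rows:
        by_ssid[r["ssid"]].append(r)
    findings = []
    for ssid, aps in by_ssid.items():
        mixed = len({ap["open"] for ap in aps}) > 1  # open and encrypted APs share the name
        for ap in aps:
            reasons = []
            if ssid in known and ap["bssid"] not in known[ssid]:
                reasons.append("BSSID not on provider list")
            if mixed and ap["open"]:
                reasons.append("open AP sharing a name with encrypted APs")
            if reasons:
                findings.append((ssid, ap["bssid"], reasons))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reasons in find_suspects(parse_scan(SAMPLE_SCAN), KNOWN_BSSIDS):
        print(f"{ssid} {bssid}: {'; '.join(reasons)}")
```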