Showing results for 
Search instead for 
Did you mean: 
Paper Tape
Posts: 5
Location: Hannover
Views: 721
Message 1 of 3

Evil twin phishing

Good day everyone.

Thank you for help with my previous question. I have another so bear with me - I heard that there is such a thing as 'evil twin phishing', and while I have some idea of what phishing means, I am worried about this 'evil twin thing' more as I travel quite a bit and sometimes use free wi-fi available at cafes and stores.


How can I be sure that whatever network I am trying to log into is safe from this evil twin thing? In the first place, can smartphones even get virus attacks??



Thank you in advance.

Community SeniorMod
Community SeniorMod
Posts: 1,852
Location: US
Views: 702
Message 2 of 3

Re: Evil twin phishing

The "Evil Twin" is another name for Wi-phishing. Similar to the other type of phishing scam, it is  a process in which individuals spoof wireless networks in order to trick users into sharing information such as credit card numbers. This attack relies on social engineering and human error to be successful.

For example, a wi-fi hot spot such as a restaurant, coffee shop, or airport uses a wireless service provider that charges a connection fee. To connect, you must provide a credit card number and certain other information. In this type of phishing, The “Evil Twin” pre-empts the hotspot's wireless signal with one of his own. He spoofs the legitimate network name, and replaces the registration or login page with a look-alike. The innocent customer ends up sharing information with the spoofer, rather than the hotspot provider. This enables “Evil Twin” to control the situation enough to redirect the customer to other fraudulent pages.

As mentioned in the article here:

Nearly all smartphones are now equipped with WiFi functionality, making them highly vulnerable to attacks. There are various tools available that allow even the least talented hacker to exploit WiFi hotspots and intercept Web traffic.

In addition, one of our panelists has an article on smartphone security here:

In order to avoid this type of phishing scam:

* Use a strong personal firewall and good realtime malware protection.
* Be sure that you are logging into a legitimate hotspot network. Check with the provider to confirm the network name and login page appearance.
* Use passwords on only web sites that have a Secure Sockets Layer (SSL) key at the bottom right of the Web browser.
* If on a laptop and your operating system offers an auto connect feature make sure it is disabled.
* Do not use unsecured applications such as e-mail or instant messaging while at hot spots. Use hot spots for Web surfing only. Avoid making online purchases or any other financial transactions that require account numbers and passwords. These are risky and should be done on a secure network.
* Do not give away your credentials or credit card information unless you are absolutely sure that it is not a trap.

Deutsche Community Comunidad en Español English Community Русскоязычное Сообщество Communidade Portugues

If you find a post helpful and it answers your question, please click the "Accept As Solution" button.

I am not employed by Lenovo or Microsoft. I am a volunteer.


1972vet Microsoft MVP
Microsoft MVP
Posts: 14
Location: United States
Views: 602
Message 3 of 3

Re: Evil twin phishing

Although I'm a little late to this party, I recalled reading it the other day and remembered your question related to your usage of the "SmartPhone" and thought This News Item might also be of interest to you.

The best practice these days, is first to adopt a new attitude whenever you decide to do anything online. Gone are the days when one could feel anomomous.

Be certain...whatever you do with an Internet Connection that you would also do in full view of the public. Whether you are, or aren't isn't the issue...but whether you mind, is.

When one has the lawful right to assume privacy, then invasion of it is likely to draw sympathy from any jury. But these days, with Internet usage having such a large volume of users, there are some "ne'er-do-wells" who find no level too low for them to stoop.
Microsoft MVP - Consumer Security
Member of Alliance of Security Analysis Professionals
Top Kudoed Authors