Evil twin phishing
From Wikipedia, the free encyclopedia
Evil twin is the wireless version of the phishing scam. An attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider.
Wireless devices link to the Internet via "hotspots", nearby connection points that they lock on to. But these hotspots can act like an open door to thieves. Anyone with suitable equipment can locate a hotspot and take its place, substituting their own "evil twin".
Method
The attacker sets up a bogus base station that the device of someone using Wi-Fi wireless technology latches on to. Victims think their laptops or mobile phones are connected to bona fide wireless Internet connections. Once they connect to the wireless network, the attacker can access and steal their login information, along with other confidential information, which could potentially lead to identity theft.
Unwitting web users are invited to log into the attacker's server with bogus login prompts, tempting them to give away sensitive information such as usernames and passwords. Often users are unaware they have been duped until well after the incident has occurred.
Users think they have logged on to a wireless hotspot connection when in fact they have been tricked into connecting to the attacker's base station. The attacker jams the connection to the legitimate base station by sending a stronger signal in proximity to the wireless client, thereby turning the bogus base station into an "evil twin".
Virtual private networks or end-to-end encryption may be used to protect passwords, e-mail and other sensitive information.
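A defender can look for the pattern described above, a second base station using a legitimate hotspot's name and a stronger signal, in Wi-Fi scan results. The following is an added example, not part of the original article; the `Beacon` record, the `KNOWN_APS` inventory of legitimate access point addresses (BSSIDs) and the sample scan are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str         # network name shown to the user
    bssid: str        # access point's MAC address
    signal_dbm: int   # higher (less negative) means stronger
    encrypted: bool

# Assumption: the operator keeps an inventory of its real access points.
KNOWN_APS = {"CafeWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}

# Constructed scan: one legitimate AP, one look-alike, one unrelated network.
SAMPLE_SCAN = [
    Beacon("CafeWiFi", "aa:bb:cc:00:00:01", -67, True),
    Beacon("CafeWiFi", "de:ad:be:ef:00:99", -41, False),
    Beacon("OtherNet", "11:22:33:44:55:66", -70, True),
]

def find_suspect_twins(beacons, known_aps):
    """Flag beacons that use a known SSID from a BSSID not in the inventory."""
    findings = []
    for ssid, allowed in known_aps.items():
        same_name = [b for b in beacons if b.ssid == ssid]
        legit = [b for b in same_name if b.bssid.lower() in allowed]
        strongest_legit = max((b.signal_dbm for b in legit), default=None)
        expects_encryption = any(b.encrypted for b in legit)
        for b in same_name:
            if b.bssid.lower() in allowed:
                continue
            reasons = ["unknown BSSID for known SSID"]
            # The article's scenario: the impostor out-shouts the real AP.
            if strongest_legit is not None and b.signal_dbm > strongest_legit:
                reasons.append("stronger than every known AP")
            if expects_encryption and not b.encrypted:
                reasons.append("open network where known APs are encrypted")
            findings.append((b.bssid, ssid, reasons))
    return findings

if __name__ == "__main__":
    for bssid, ssid, reasons in find_suspect_twins(SAMPLE_SCAN, KNOWN_APS):
        print(f"{ssid} from {bssid}: " + "; ".join(reasons))
```

This check does not catch a twin that also copies a legitimate BSSID, so it complements rather than replaces the VPN or end-to-end encryption mentioned above.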