Many of you may not remember several of the earlier recessions, or if you do, they didn’t affect you. But those of us who remember them and were affected by them know that with them come lots of ways for scammers to bankrupt you.
I’m no computer expert so bear with me if some of the techie terminology is wrong. (wireless networks)
From Wikipedia, the free encyclopedia.
“Evil twin” wireless networks –
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. Its primary targets are hotspots, but with the COVID-19 virus it is increasingly becoming a problem again.
The evil twin is the wireless LAN equivalent of the phishing scam.
This type of attack may be used to steal the passwords of unsuspecting users, either by monitoring their connections or by phishing, which involves setting up a fraudulent web site and luring people there.
The attacker snoops on Internet traffic using a bogus wireless access point. Unwitting web users may be invited to log into the attacker’s server, prompting them to enter sensitive information such as usernames and passwords. Often, users are unaware they have been duped until well after the incident has occurred.
When users log into unsecured (non-HTTPS) bank or e-mail accounts, the attacker intercepts the transaction, since it is sent through their equipment. The attacker is also able to connect to other networks associated with the users’ credentials.
Fake access points are set up by configuring a wireless card to act as an access point (known as HostAP). They are hard to trace since they can be shut off instantly. The counterfeit access point may be given the same SSID and BSSID as a nearby Wi-Fi network. The evil twin can be configured to pass Internet traffic through to the legitimate access point while monitoring the victim’s connection, or it can simply say the system is temporarily unavailable after obtaining a username and password.
One of the most commonly used evil twin attacks is a captive portal. First, the attacker creates a fake wireless access point with an ESSID similar to that of the legitimate access point. The attacker then launches a denial-of-service attack against the legitimate access point, which causes it to go offline. From then on, clients connect to the fake access point automatically, since it is similar to the legitimate one. The clients are then led to a web portal that asks them to enter their password, which works as a social engineering attack. When the clients enter the legitimate access point’s password, it is sent to the attacker.
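The signs described above (a cloned SSID and BSSID, or a look-alike ESSID) can be checked for in a Wi-Fi scan from the defender's side. The following is an added example, not part of the quoted Wikipedia text or the original post; the `KNOWN` baseline, the record fields and the sample scan are constructed assumptions, and the checks are heuristics.

```python
from difflib import SequenceMatcher

# Hypothetical baseline of trusted networks: SSID -> (allowed BSSIDs, expected security).
KNOWN = {"CoffeeShop-WiFi": ({"aa:bb:cc:00:00:01"}, "WPA2")}

def lookalike(ssid, known_ssid, threshold=0.8):
    """True when ssid is close to, but not identical to, a trusted SSID."""
    a, b = ssid.strip().lower(), known_ssid.strip().lower()
    return ssid != known_ssid and SequenceMatcher(None, a, b).ratio() >= threshold

def find_suspects(scan, known=KNOWN):
    """Return sorted (bssid, ssid, reason) tuples for beacons that resemble an evil twin."""
    findings = []
    channels = {}  # (ssid, bssid) -> set of channels seen in this scan
    for ap in scan:
        channels.setdefault((ap["ssid"], ap["bssid"]), set()).add(ap["channel"])
    for ap in scan:
        ssid, bssid = ap["ssid"], ap["bssid"]
        if ssid in known:
            bssids, security = known[ssid]
            if bssid not in bssids:
                findings.append((bssid, ssid, "unknown BSSID for trusted SSID"))
            # A cloned BSSID passes the allowlist, so also compare security and channel.
            if ap["security"] != security:
                findings.append((bssid, ssid, "security differs from baseline"))
            if len(channels[(ssid, bssid)]) > 1:
                findings.append((bssid, ssid, "same BSSID on several channels"))
        elif any(lookalike(ssid, k) for k in known):
            findings.append((bssid, ssid, "look-alike SSID"))
    return sorted(set(findings))

# Constructed sample scan (not real capture data).
SAMPLE_SCAN = [
    {"ssid": "CoffeeShop-WiFi", "bssid": "aa:bb:cc:00:00:01", "channel": 6, "security": "WPA2"},
    {"ssid": "CoffeeShop-WiFi", "bssid": "aa:bb:cc:00:00:01", "channel": 11, "security": "Open"},
    {"ssid": "CoffeeShop-WiFi", "bssid": "de:ad:be:ef:00:02", "channel": 1, "security": "Open"},
    {"ssid": "CoffeeShop_WiFi", "bssid": "de:ad:be:ef:00:03", "channel": 1, "security": "Open"},
    {"ssid": "Library", "bssid": "11:22:33:44:55:66", "channel": 3, "security": "WPA2"},
]

if __name__ == "__main__":
    for bssid, ssid, reason in find_suspects(SAMPLE_SCAN):
        print(f"{ssid!r} {bssid}: {reason}")
```
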
KARMA attack, a variant on the evil twin attack
“Snarfing” is the action of grabbing data and using it without the owner’s consent. In the example shown above, a false access point is created that strongly emulates the legitimate access point.
To some people, using free Wi-Fi at places like Starbucks or hotels can be very tempting when you don’t have a large data plan.