WLAN Book by EmailWiFi Phishing
Below is the opening sentence from Wikipedia’s entry for “phishing”.
In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.
The most common example of phishing are emails crafted to look like official messages from Ebay, PayPal, or financial institutions. These messages usually instruct the user to confirm account information like by clicking a link in the email, completing a form by providing username, passwords, and/or pin numbers and clicking submit. The fake web page usually looks just like the actual page so that most users would not know that they have been “phished” and their private information harvested.
WiFi phishing occurs in public hotspots where users connect to open access points. Attackers take advantage of the fact that the SSID is visible to anyone within the wireless LAN coverage area (even if it is being “cloaked”/hidden). An attacker uses the this public information and configures an access point with the same SSID to lure wireless users to the fake access point. Since most clients will connect to the access point with the strongest signal, new hotspot users will get “phished” by the attacker’s access point. A more sophisticated method is to force the existing wireless LAN clients to disconnect from the real access point and then reconnect to the attacker’s access point.
Once the user is connected/redirected to the attacker’s access point the attacker would use exploits gain access to the users PC.
Phished Hotspot User
- “Free Public WiFi” SSID
Free Public WiFi The “Free Public WiFi” SSID seems to be everywhere - at airports, on planes, and in hotels. Based on what the SSID spells,... - WiFi SSID and Subliminal Advertising
Kaspersky Lab recently published a report about WiFi networks in London. The report contains the usual information about transmission speeds, equipment manufacturers, and use of... - Man-In-The-Middle (MITM) Attack
A man-in-the-middle (MITM) attack occurs when an attacker inserts himself between two devices and is able to read, insert, modify messages between the two devices.... - Rogue Wireless Station
A rogue wireless station is an unauthorized station connected to a network via an access point. The access point used for connectivity can either be...
Related posts brought to you by Yet Another Related Posts Plugin.
If you liked this post, subscribe using below
WLAN Book RSS Feed
WLAN Book by Email
.
Filed under: WLAN Security
WLAN Book RSS Feed
Leave a Reply