Business users who frequent airport and other wireless hot spots are being warned of a new, more sophisticated variant of the "Evil Twin" phishing scam that appeared in January.
AirDefense has warned of fraudulent websites that appear to be log-in sites for legitimate Wi-Fi hot spot vendors. When you log in and access the phony sites - providing personally identifying information - your laptop is hit with as many as 45 viruses.
The scammers are targeting business travellers in hotels and at airports, so wireless users at hot spots in shopping centres and coffee shops aren't thought to be at risk.
"These attacks are being driven by business because so much business, so many transactions, are done over the Internet," said Jay Chaudhry, the chairman and co-founder of AirDefense. "There's a lot of this going on, and business people need to be careful. The average business executive has no clue."
"Wireless security is a race with hackers," Chaudhry added. "Hackers have moved away from the challenge of simply trying to access a device. They are now interested in commercial gain. The most lucrative and easiest place for that is business hot spots such as airport lounges, hotels and conferences."
The phishing scam was discovered at several recent wireless technology trade shows, the company said.
The scam is a more sophisticated version of the Evil Twin attack, also known as the AP (access point) phishing scam. In an Evil Twin attack, the attacker poses as a legitimate hot spot and tricks victims into connecting to the attacker's laptop or handheld device. Once the victim connects, the attacker can attempt to coerce the user into revealing personal and confidential information.
To avoid becoming victims of the latest scam, AirDefense recommends that wireless users take several security steps. When accessing their accounts at hot spots, users should enter passwords only into websites that include a Secure Sockets Layer key at the bottom right of the Web browser. Users should also avoid hot spots where it's difficult to tell who is connected, such as at hotels and airport clubs. Hot spots should only be used for Web surfing and not for making online purchases or any other transactions where account numbers or passwords are needed, the company said.
Users should also turn off or remove their wireless cards from their computers when they aren't accessing a hot spot to prevent others from accessing their machines, the company said. Users are also encouraged not to use unsecured applications such as e-mail or instant messaging while at hot spots.
All very wise advice, but let's be honest: all very unlikely as well.