We have three tips for you this issue to keep you from being "burned":
Beware the Evil Twin
That free open network you surf at your favorite coffee house might come with a hidden price tag: all the information you transmit over it could be intercepted!
Bogus WiFi hotspots, dubbed "Evil Twins" can look like the real thing but are specifically created to snatch your information. As reported in Science Daily, "In essence, users think they've logged on to a wireless hotspot connection when, in fact, they've been tricked to connect to the attacker's unauthorised base station. The latter jams the connection to a legitimate base station by sending a stronger signal within close proximity to the wireless client thereby turning itself into an 'Evil Twin'."
While the casual user may not be able to detect any difference, there are a few tell-tale signs to watch out for. "Sometimes the strongest signal will be a computer to computer connection. That’s a big red flag. You should never select the WiFi signal that has an icon of two computers joined together. That could be someone sitting right next to you, looking to steal your information", according to Joe Shortsleeve in Beware Of WiFi Bandits Known As 'Evil Twins'.
How can you protect yourself? Shortsleeve has three suggestions:
- Disable the option on your laptop that automatically connects to the closest or strongest hotspot. (The article referenced above includes step-by-step instructions.)
- Pay attention to pop up warnings. They may seem like a nuisance, but they are there to protect you.
- Plug in at home if you plan to do any major transactions.
Science Daily, "'Evil Twin' Hotspots Are A New Menace For Internet Users, Warns Cranfield University",
CBS Boston, "Beware Of WiFi Bandits Known As 'Evil Twins'", http://cbs4boston.com/specialreports/local_story_227155439.html
Cell phone users should be on the lookout for SMiShing attacks: phishing via SMS (Short Messaging Service). A recent posting on the McAffe Avert Labs blog (McAffe coined the phrase "SMiShing") warns cell phone users of messages that prompt them to click on links or they may incur a fee. A current scam message is "We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order: < www dot bogus link>." Unsuspecting users visit the web site and download the program they've been instructed to, which is actually a Trojan horse. Their compromised computer is then under the hacker's control.
How to avoid this newest social engineering fraud? Stay alert and remember one of computing's basic rules: Never click on an attachment or a link in an incoming message unless you know who sent it and you are expecting it.
McAffee Avert Labs, "SMiShing - an emerging threat vector",
T H I N K
Do you have a profile on Facebook, MySpace, or maybe Friendster?Are there any personal details you might not want others to see, such as a future employer, your professor, a roommate or a stalker?Just how locked down is your profile?
These social networking sites all provide privacy controls that let you select who can and can’t view information such as your address, phone number and birth date. If you've got something a little too personal in your profile, check your settings to see who can see it. You should also check out the THINK web site for other tips and food for thought.