WEBINAR: Live Date: December 14, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Modernizing Authentication — What It Takes to Transform Secure Access REGISTER >
Experts say the risks are growing because computer networks are increasingly being patched together through the Internet, with more entry points into the system than ever before. Laptops, PDAs, Wi-Fi hotspots and even cell phones form a loose-knit circle of methods to accesses the Web.
''There are more opportunities for attack, and there are more ways into the network,'' Phil Nobles, wireless Internet and cyber-crime expert at the Defense Academy of the United Kingdom, said.
And because most executives aren't up-to-date on the latest cyber crimes, said Nobles, it is safe to assume that the corporate world is adding to the problem.
Evil twin attacks occur at Wi-Fi hotspots where hackers can easily snatch a Wi-Fi signal out of the air, set up a fake connection that looks like the real one, and then wait for information galore.
''In essence, users think they've logged on to a wireless hotspot connection when, in fact, they've been tricked to connect to the attacker's un-authorized base station,'' Nobles said.
The evil twin pages look like the real thing and may even be hijacked copies of the wireless Web log-in pages that are the gateways to Wi-Fi access.
''Once the user is connected to the 'evil twin', the cyber criminal can intercept data being transmitted, such as bank details or personal information,'' Nobles said.
Business executives who use wireless hotspots in airports and hotels need to be wary of these sophisticated phishing scam, he added. Corporate users are urged to use hotspots only for Web surfing -- not for checking bank accounts or accessing databases, which require passwords or confidential login information. Experts advise users to enter passwords or data only into Web sites that contain a Secure Sockets Layer key at the bottom-right of the Web browser. Turning off or removing wireless cards from the system are another good way to prevent a malicious third party from accessing the computer.