CWNP Exam Questions

Which of the following attacks is the wireless version of the phishing scam in which an attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider?

A. Man-in-the-middle attack

B. Evil twin phishing attack

C. Salami attack

D. Brute force attack

Explanation:
Evil twin phishing is the wireless version of the phishing scam. In this attack, an attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. The attacker uses a bogus base station that someone connects to using Wi-Fi wireless technology. By imitating the name of another, legitimate wireless provider, the attacker can fool people into trusting the internet services being provided. When the users log into bank or e-mail accounts, the phishers have access to the entire transaction, since it is sent through their equipment. Unwitting web users are invited to log into the attacker’s server with bogus login prompts, tempting them to give away sensitive information such as usernames and passwords. Often users are unaware they have been duped until well after the incident has occurred. Users think they have logged on to a wireless hotspot connection when in fact they have been tricked into connecting to the attacker’s base station. The attacker jams the connection to the legitimate base station by sending a stronger signal within proximity to the wireless client, thereby turning the bogus base station into an ‘evil twin’.

Answer option A is incorrect. Man-in-the-middle attacks occur when an attacker successfully inserts intermediary software or a program between two communicating hosts. The intermediary software or program allows attackers to listen to and modify the communication packets passing between the two hosts. The software intercepts the communication packets and then sends the information to the receiving host. The receiving host responds to the software, presuming it to be the legitimate client.

Answer option D is incorrect. In a brute force attack, an attacker uses software that tries a large number of key combinations in order to get a password. To prevent such attacks, users should create passwords that are more difficult to guess, e.g., using a minimum of six characters, alphanumeric combinations, and lower-upper case combinations.

Answer option C is incorrect. A salami attack is a series of minor attacks that collectively result in a larger attack. Computers are ideally suited to automating this type of attack. It is a form of cybercrime usually used for the purpose of committing financial crimes. In this type of attack, cybercriminals steal money or resources a bit at a time from financial accounts on a computer.