Hackers are using phony WiFi networks to hack into employee or guest computers to steal sensitive information. Hackers go to a company location that they want to hack and setup their phony WiFi network with a name that matches any existing company WiFis. An unaware employee or company guest mistakenly joins the phony WiFi network and end-up sharing company information with the hackers. Also, once employees or guests are on the hackers’ WiFi they can be redirected to a dummy website to collect sensitive information.
Companies and their IT departments can do the following to save themselves from such traps:
- Ask employees:
- Not to connect any WiFi if they see similar or same names. Ask them to alarm IT department immediately.
- To ensure that browser URLs match before and after website download.
- To never submit information to a non SSL company sites.
- Ask IT department:
- To periodically check for existence of phony WiFis that match existing WiFi names.
- To use SSL in every company site.
- To never deploy non-SSL sites for sharing company sensitive information.
For more information contact CDSBureau at contact@cdsbureau.com.